File manager - Edit - /home/matthif/www/wp-content/languages/src.tar
Back
https-detection-20260607154209.php 0000666 00000013341 15226703612 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Rating.php 0000666 00000003402 15226703612 0006510 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Handles `<media:rating>` or `<itunes:explicit>` tags as defined in Media RSS and iTunes RSS respectively * * Used by {@see \SimplePie\Enclosure::get_rating()} and {@see \SimplePie\Enclosure::get_ratings()} * * This class can be overloaded with {@see \SimplePie\SimplePie::set_rating_class()} */ class Rating { /** * Rating scheme * * @var ?string * @see get_scheme() */ public $scheme; /** * Rating value * * @var ?string * @see get_value() */ public $value; /** * Constructor, used to input the data * * For documentation on all the parameters, see the corresponding * properties and their accessors */ public function __construct( ?string $scheme = null, ?string $value = null ) { $this->scheme = $scheme; $this->value = $value; } /** * String-ified version * * @return string */ public function __toString() { // There is no $this->data here return md5(serialize($this)); } /** * Get the organizational scheme for the rating * * @return string|null */ public function get_scheme() { if ($this->scheme !== null) { return $this->scheme; } return null; } /** * Get the value of the rating * * @return string|null */ public function get_value() { if ($this->value !== null) { return $this->value; } return null; } } class_alias('SimplePie\Rating', 'SimplePie_Rating'); https-detection-20260605171123.php 0000666 00000013341 15226703613 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } ClientException.php 0000666 00000000515 15226703613 0010364 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } Source-20260604235731.php 0000666 00000056272 15226703613 0010130 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Handles `<atom:source>` * * Used by {@see \SimplePie\Item::get_source()} * * This class can be overloaded with {@see \SimplePie::set_source_class()} */ class Source implements RegistryAware { /** @var Item */ public $item; /** @var array<string, mixed> */ public $data = []; /** @var Registry */ protected $registry; /** * @param array<string, mixed> $data */ public function __construct(Item $item, array $data) { $this->item = $item; $this->data = $data; } /** * @return void */ public function set_registry(\SimplePie\Registry $registry) { $this->registry = $registry; } /** * @return string */ public function __toString() { return md5(serialize($this->data)); } /** * @param string $namespace * @param string $tag * @return array<array<string, mixed>>|null */ public function get_source_tags(string $namespace, string $tag) { if (isset($this->data['child'][$namespace][$tag])) { return $this->data['child'][$namespace][$tag]; } return null; } /** * @param array<string, mixed> $element * @return string */ public function get_base(array $element = []) { return $this->item->get_base($element); } /** * @param string $data * @param int-mask-of<SimplePie::CONSTRUCT_*> $type * @param string $base * @return string */ public function sanitize(string $data, $type, string $base = '') { return $this->item->sanitize($data, $type, $base); } /** * @return Item */ public function get_item() { return $this->item; } /** * @return string|null */ public function get_title() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'title')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_10_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'title')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_03_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10, 'title')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_090, 'title')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'title')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'title')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'title')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } return null; } /** * @param int $key * @return Category|null */ public function get_category(int $key = 0) { $categories = $this->get_categories(); if (isset($categories[$key])) { return $categories[$key]; } return null; } /** * @return array<Category>|null */ public function get_categories() { $categories = []; foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'category') as $category) { $term = null; $scheme = null; $label = null; if (isset($category['attribs']['']['term'])) { $term = $this->sanitize($category['attribs']['']['term'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'category') as $category) { // This is really the label, but keep this as the term also for BC. // Label will also work on retrieving because that falls back to term. $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); if (isset($category['attribs']['']['domain'])) { $scheme = $this->sanitize($category['attribs']['']['domain'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = null; } $categories[] = $this->registry->create(Category::class, [$term, $scheme, null]); } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'subject') as $category) { $categories[] = $this->registry->create(Category::class, [$this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'subject') as $category) { $categories[] = $this->registry->create(Category::class, [$this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } if (!empty($categories)) { return array_unique($categories); } return null; } /** * @param int $key * @return Author|null */ public function get_author(int $key = 0) { $authors = $this->get_authors(); if (isset($authors[$key])) { return $authors[$key]; } return null; } /** * @return array<Author>|null */ public function get_authors() { $authors = []; foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'author') as $author) { $name = null; $uri = null; $email = null; if (isset($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'])) { $name = $this->sanitize($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]['data'])) { $uri = $author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]; $uri = $this->sanitize($uri['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($uri)); } if (isset($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'])) { $email = $this->sanitize($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $uri !== null) { $authors[] = $this->registry->create(Author::class, [$name, $uri, $email]); } } if ($author = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'author')) { $name = null; $url = null; $email = null; if (isset($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'])) { $name = $this->sanitize($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]['data'])) { $url = $author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]; $url = $this->sanitize($url['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($url)); } if (isset($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'])) { $email = $this->sanitize($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $url !== null) { $authors[] = $this->registry->create(Author::class, [$name, $url, $email]); } } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'creator') as $author) { $authors[] = $this->registry->create(Author::class, [$this->sanitize($author['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'creator') as $author) { $authors[] = $this->registry->create(Author::class, [$this->sanitize($author['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'author') as $author) { $authors[] = $this->registry->create(Author::class, [$this->sanitize($author['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } if (!empty($authors)) { return array_unique($authors); } return null; } /** * @param int $key * @return Author|null */ public function get_contributor(int $key = 0) { $contributors = $this->get_contributors(); if (isset($contributors[$key])) { return $contributors[$key]; } return null; } /** * @return array<Author>|null */ public function get_contributors() { $contributors = []; foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'contributor') as $contributor) { $name = null; $uri = null; $email = null; if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'])) { $name = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]['data'])) { $uri = $contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]; $uri = $this->sanitize($uri['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($uri)); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'])) { $email = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $uri !== null) { $contributors[] = $this->registry->create(Author::class, [$name, $uri, $email]); } } foreach ((array) $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'contributor') as $contributor) { $name = null; $url = null; $email = null; if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'])) { $name = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]['data'])) { $url = $contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]; $url = $this->sanitize($url['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($url)); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'])) { $email = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $url !== null) { $contributors[] = $this->registry->create(Author::class, [$name, $url, $email]); } } if (!empty($contributors)) { return array_unique($contributors); } return null; } /** * @param int $key * @param string $rel * @return string|null */ public function get_link(int $key = 0, string $rel = 'alternate') { $links = $this->get_links($rel); if (isset($links[$key])) { return $links[$key]; } return null; } /** * Added for parity between the parent-level and the item/entry-level. * * @return string|null */ public function get_permalink() { return $this->get_link(0); } /** * @param string $rel * @return array<string>|null */ public function get_links(string $rel = 'alternate') { if (!isset($this->data['links'])) { $this->data['links'] = []; if ($links = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'link')) { foreach ($links as $link) { if (isset($link['attribs']['']['href'])) { $link_rel = (isset($link['attribs']['']['rel'])) ? $link['attribs']['']['rel'] : 'alternate'; $this->data['links'][$link_rel][] = $this->sanitize($link['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($link)); } } } if ($links = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'link')) { foreach ($links as $link) { if (isset($link['attribs']['']['href'])) { $link_rel = (isset($link['attribs']['']['rel'])) ? $link['attribs']['']['rel'] : 'alternate'; $this->data['links'][$link_rel][] = $this->sanitize($link['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($link)); } } } if ($links = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10, 'link')) { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($links[0])); } if ($links = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_090, 'link')) { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($links[0])); } if ($links = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'link')) { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($links[0])); } $keys = array_keys($this->data['links']); foreach ($keys as $key) { $key = (string) $key; if ($this->registry->call(Misc::class, 'is_isegment_nz_nc', [$key])) { if (isset($this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key])) { $this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key] = array_merge($this->data['links'][$key], $this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key]); $this->data['links'][$key] = &$this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key]; } else { $this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key] = &$this->data['links'][$key]; } } elseif (substr($key, 0, 41) === \SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY) { $this->data['links'][substr($key, 41)] = &$this->data['links'][$key]; } $this->data['links'][$key] = array_unique($this->data['links'][$key]); } } if (isset($this->data['links'][$rel])) { return $this->data['links'][$rel]; } return null; } /** * @return string|null */ public function get_description() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'subtitle')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_10_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'tagline')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_03_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10, 'description')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_090, 'description')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'description')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'description')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'description')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'summary')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'subtitle')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_HTML, $this->get_base($return[0])); } return null; } /** * @return string|null */ public function get_copyright() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'rights')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_10_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'copyright')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_03_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'copyright')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'rights')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'rights')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } return null; } /** * @return string|null */ public function get_language() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'language')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'language')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'language')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif (isset($this->data['xml_lang'])) { return $this->sanitize($this->data['xml_lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } return null; } /** * @return float|null */ public function get_latitude() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_W3C_BASIC_GEO, 'lat')) { return (float) $return[0]['data']; } elseif (($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_GEORSS, 'point')) && preg_match('/^((?:-)?[0-9]+(?:\.[0-9]+)) ((?:-)?[0-9]+(?:\.[0-9]+))$/', trim($return[0]['data']), $match)) { return (float) $match[1]; } return null; } /** * @return float|null */ public function get_longitude() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_W3C_BASIC_GEO, 'long')) { return (float) $return[0]['data']; } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_W3C_BASIC_GEO, 'lon')) { return (float) $return[0]['data']; } elseif (($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_GEORSS, 'point')) && preg_match('/^((?:-)?[0-9]+(?:\.[0-9]+)) ((?:-)?[0-9]+(?:\.[0-9]+))$/', trim($return[0]['data']), $match)) { return (float) $match[2]; } return null; } /** * @return string|null */ public function get_image_url() { if ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'image')) { return $this->sanitize($return[0]['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'logo')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($return[0])); } elseif ($return = $this->get_source_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'icon')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($return[0])); } return null; } } class_alias('SimplePie\Source', 'SimplePie_Source'); Credit.php 0000666 00000004140 15226703613 0006477 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Handles `<media:credit>` as defined in Media RSS * * Used by {@see \SimplePie\Enclosure::get_credit()} and {@see \SimplePie\Enclosure::get_credits()} * * This class can be overloaded with {@see \SimplePie\SimplePie::set_credit_class()} */ class Credit { /** * Credited role * * @var ?string * @see get_role() */ public $role; /** * Organizational scheme * * @var ?string * @see get_scheme() */ public $scheme; /** * Credited name * * @var ?string * @see get_name() */ public $name; /** * Constructor, used to input the data * * For documentation on all the parameters, see the corresponding * properties and their accessors */ public function __construct( ?string $role = null, ?string $scheme = null, ?string $name = null ) { $this->role = $role; $this->scheme = $scheme; $this->name = $name; } /** * String-ified version * * @return string */ public function __toString() { // There is no $this->data here return md5(serialize($this)); } /** * Get the role of the person receiving credit * * @return string|null */ public function get_role() { if ($this->role !== null) { return $this->role; } return null; } /** * Get the organizational scheme * * @return string|null */ public function get_scheme() { if ($this->scheme !== null) { return $this->scheme; } return null; } /** * Get the credited person/entity's name * * @return string|null */ public function get_name() { if ($this->name !== null) { return $this->name; } return null; } } class_alias('SimplePie\Credit', 'SimplePie_Credit'); Parse/https-migration-20260606220702.php 0000666 00000011205 15226703613 0013050 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parse/https-detection-20260607002724.php 0000666 00000013341 15226703613 0013043 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Parse/string.php 0000666 00000020233 15226703613 0007646 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } } Parse/https-migration-20260606185434.php 0000666 00000011205 15226703613 0013064 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parse/https-detection-20260606091251.php 0000666 00000013341 15226703613 0013045 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Parse/https-detection.php 0000666 00000013341 15226703613 0011460 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Parse/https-migration-20260606092011.php 0000666 00000011205 15226703613 0013050 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parse/https-migration.php 0000666 00000011205 15226703613 0011470 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parse/https-detection-20260605034026.php 0000666 00000013341 15226703613 0013041 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Parse/https-migration-20260605225728.php 0000666 00000011205 15226703613 0013064 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parse/Date.php 0000666 00000062206 15226703613 0007223 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\Parse; /** * Date Parser */ class Date { /** * Input data * * @access protected * @var string */ public $date; /** * List of days, calendar day name => ordinal day number in the week * * @access protected * @var array<string, int<1,7>> */ public $day = [ // English 'mon' => 1, 'monday' => 1, 'tue' => 2, 'tuesday' => 2, 'wed' => 3, 'wednesday' => 3, 'thu' => 4, 'thursday' => 4, 'fri' => 5, 'friday' => 5, 'sat' => 6, 'saturday' => 6, 'sun' => 7, 'sunday' => 7, // Dutch 'maandag' => 1, 'dinsdag' => 2, 'woensdag' => 3, 'donderdag' => 4, 'vrijdag' => 5, 'zaterdag' => 6, 'zondag' => 7, // French 'lundi' => 1, 'mardi' => 2, 'mercredi' => 3, 'jeudi' => 4, 'vendredi' => 5, 'samedi' => 6, 'dimanche' => 7, // German 'montag' => 1, 'mo' => 1, 'dienstag' => 2, 'di' => 2, 'mittwoch' => 3, 'mi' => 3, 'donnerstag' => 4, 'do' => 4, 'freitag' => 5, 'fr' => 5, 'samstag' => 6, 'sa' => 6, 'sonnabend' => 6, // AFAIK no short form for sonnabend 'so' => 7, 'sonntag' => 7, // Italian 'lunedì' => 1, 'martedì' => 2, 'mercoledì' => 3, 'giovedì' => 4, 'venerdì' => 5, 'sabato' => 6, 'domenica' => 7, // Spanish 'lunes' => 1, 'martes' => 2, 'miércoles' => 3, 'jueves' => 4, 'viernes' => 5, 'sábado' => 6, 'domingo' => 7, // Finnish 'maanantai' => 1, 'tiistai' => 2, 'keskiviikko' => 3, 'torstai' => 4, 'perjantai' => 5, 'lauantai' => 6, 'sunnuntai' => 7, // Hungarian 'hétfő' => 1, 'kedd' => 2, 'szerda' => 3, 'csütörtok' => 4, 'péntek' => 5, 'szombat' => 6, 'vasárnap' => 7, // Greek 'Δευ' => 1, 'Τρι' => 2, 'Τετ' => 3, 'Πεμ' => 4, 'Παρ' => 5, 'Σαβ' => 6, 'Κυρ' => 7, // Russian 'Пн.' => 1, 'Вт.' => 2, 'Ср.' => 3, 'Чт.' => 4, 'Пт.' => 5, 'Сб.' => 6, 'Вс.' => 7, ]; /** * List of months, calendar month name => calendar month number * * @access protected * @var array<string, int<1,12>> */ public $month = [ // English 'jan' => 1, 'january' => 1, 'feb' => 2, 'february' => 2, 'mar' => 3, 'march' => 3, 'apr' => 4, 'april' => 4, 'may' => 5, // No long form of May 'jun' => 6, 'june' => 6, 'jul' => 7, 'july' => 7, 'aug' => 8, 'august' => 8, 'sep' => 9, 'september' => 9, 'oct' => 10, 'october' => 10, 'nov' => 11, 'november' => 11, 'dec' => 12, 'december' => 12, // Dutch 'januari' => 1, 'februari' => 2, 'maart' => 3, // 'april' => 4, 'mei' => 5, 'juni' => 6, 'juli' => 7, 'augustus' => 8, // 'september' => 9, 'oktober' => 10, // 'november' => 11, // 'december' => 12, // French 'janvier' => 1, 'février' => 2, 'mars' => 3, 'avril' => 4, 'mai' => 5, 'juin' => 6, 'juillet' => 7, 'août' => 8, 'septembre' => 9, 'octobre' => 10, 'novembre' => 11, 'décembre' => 12, // German 'januar' => 1, // 'jan' => 1, 'februar' => 2, // 'feb' => 2, 'märz' => 3, 'mär' => 3, // 'april' => 4, // 'apr' => 4, // 'mai' => 5, // no short form for may // 'juni' => 6, // 'jun' => 6, // 'juli' => 7, // 'jul' => 7, // 'august' => 8, // 'aug' => 8, // 'september' => 9, // 'sep' => 9, // 'oktober' => 10, 'okt' => 10, // 'november' => 11, // 'nov' => 11, 'dezember' => 12, 'dez' => 12, // Italian 'gennaio' => 1, 'febbraio' => 2, 'marzo' => 3, 'aprile' => 4, 'maggio' => 5, 'giugno' => 6, 'luglio' => 7, 'agosto' => 8, 'settembre' => 9, 'ottobre' => 10, // 'novembre' => 11, 'dicembre' => 12, // Spanish 'enero' => 1, 'febrero' => 2, // 'marzo' => 3, 'abril' => 4, 'mayo' => 5, 'junio' => 6, 'julio' => 7, // 'agosto' => 8, 'septiembre' => 9, 'setiembre' => 9, 'octubre' => 10, 'noviembre' => 11, 'diciembre' => 12, // Finnish 'tammikuu' => 1, 'helmikuu' => 2, 'maaliskuu' => 3, 'huhtikuu' => 4, 'toukokuu' => 5, 'kesäkuu' => 6, 'heinäkuu' => 7, 'elokuu' => 8, 'suuskuu' => 9, 'lokakuu' => 10, 'marras' => 11, 'joulukuu' => 12, // Hungarian 'január' => 1, 'február' => 2, 'március' => 3, 'április' => 4, 'május' => 5, 'június' => 6, 'július' => 7, 'augusztus' => 8, 'szeptember' => 9, 'október' => 10, // 'november' => 11, // 'december' => 12, // Greek 'Ιαν' => 1, 'Φεβ' => 2, 'Μάώ' => 3, 'Μαώ' => 3, 'Απρ' => 4, 'Μάι' => 5, 'Μαϊ' => 5, 'Μαι' => 5, 'Ιούν' => 6, 'Ιον' => 6, 'Ιούλ' => 7, 'Ιολ' => 7, 'Αύγ' => 8, 'Αυγ' => 8, 'Σεπ' => 9, 'Οκτ' => 10, 'Νοέ' => 11, 'Δεκ' => 12, // Russian 'Янв' => 1, 'января' => 1, 'Фев' => 2, 'февраля' => 2, 'Мар' => 3, 'марта' => 3, 'Апр' => 4, 'апреля' => 4, 'Май' => 5, 'мая' => 5, 'Июн' => 6, 'июня' => 6, 'Июл' => 7, 'июля' => 7, 'Авг' => 8, 'августа' => 8, 'Сен' => 9, 'сентября' => 9, 'Окт' => 10, 'октября' => 10, 'Ноя' => 11, 'ноября' => 11, 'Дек' => 12, 'декабря' => 12, ]; /** * List of timezones, abbreviation => offset from UTC * * @access protected * @var array<string, int> */ public $timezone = [ 'ACDT' => 37800, 'ACIT' => 28800, 'ACST' => 34200, 'ACT' => -18000, 'ACWDT' => 35100, 'ACWST' => 31500, 'AEDT' => 39600, 'AEST' => 36000, 'AFT' => 16200, 'AKDT' => -28800, 'AKST' => -32400, 'AMDT' => 18000, 'AMT' => -14400, 'ANAST' => 46800, 'ANAT' => 43200, 'ART' => -10800, 'AZOST' => -3600, 'AZST' => 18000, 'AZT' => 14400, 'BIOT' => 21600, 'BIT' => -43200, 'BOT' => -14400, 'BRST' => -7200, 'BRT' => -10800, 'BST' => 3600, 'BTT' => 21600, 'CAST' => 18000, 'CAT' => 7200, 'CCT' => 23400, 'CDT' => -18000, 'CEDT' => 7200, 'CEST' => 7200, 'CET' => 3600, 'CGST' => -7200, 'CGT' => -10800, 'CHADT' => 49500, 'CHAST' => 45900, 'CIST' => -28800, 'CKT' => -36000, 'CLDT' => -10800, 'CLST' => -14400, 'COT' => -18000, 'CST' => -21600, 'CVT' => -3600, 'CXT' => 25200, 'DAVT' => 25200, 'DTAT' => 36000, 'EADT' => -18000, 'EAST' => -21600, 'EAT' => 10800, 'ECT' => -18000, 'EDT' => -14400, 'EEST' => 10800, 'EET' => 7200, 'EGT' => -3600, 'EKST' => 21600, 'EST' => -18000, 'FJT' => 43200, 'FKDT' => -10800, 'FKST' => -14400, 'FNT' => -7200, 'GALT' => -21600, 'GEDT' => 14400, 'GEST' => 10800, 'GFT' => -10800, 'GILT' => 43200, 'GIT' => -32400, 'GST' => 14400, // 'GST' => -7200, 'GYT' => -14400, 'HAA' => -10800, 'HAC' => -18000, 'HADT' => -32400, 'HAE' => -14400, 'HAP' => -25200, 'HAR' => -21600, 'HAST' => -36000, 'HAT' => -9000, 'HAY' => -28800, 'HKST' => 28800, 'HMT' => 18000, 'HNA' => -14400, 'HNC' => -21600, 'HNE' => -18000, 'HNP' => -28800, 'HNR' => -25200, 'HNT' => -12600, 'HNY' => -32400, 'IRDT' => 16200, 'IRKST' => 32400, 'IRKT' => 28800, 'IRST' => 12600, 'JFDT' => -10800, 'JFST' => -14400, 'JST' => 32400, 'KGST' => 21600, 'KGT' => 18000, 'KOST' => 39600, 'KOVST' => 28800, 'KOVT' => 25200, 'KRAST' => 28800, 'KRAT' => 25200, 'KST' => 32400, 'LHDT' => 39600, 'LHST' => 37800, 'LINT' => 50400, 'LKT' => 21600, 'MAGST' => 43200, 'MAGT' => 39600, 'MAWT' => 21600, 'MDT' => -21600, 'MESZ' => 7200, 'MEZ' => 3600, 'MHT' => 43200, 'MIT' => -34200, 'MNST' => 32400, 'MSDT' => 14400, 'MSST' => 10800, 'MST' => -25200, 'MUT' => 14400, 'MVT' => 18000, 'MYT' => 28800, 'NCT' => 39600, 'NDT' => -9000, 'NFT' => 41400, 'NMIT' => 36000, 'NOVST' => 25200, 'NOVT' => 21600, 'NPT' => 20700, 'NRT' => 43200, 'NST' => -12600, 'NUT' => -39600, 'NZDT' => 46800, 'NZST' => 43200, 'OMSST' => 25200, 'OMST' => 21600, 'PDT' => -25200, 'PET' => -18000, 'PETST' => 46800, 'PETT' => 43200, 'PGT' => 36000, 'PHOT' => 46800, 'PHT' => 28800, 'PKT' => 18000, 'PMDT' => -7200, 'PMST' => -10800, 'PONT' => 39600, 'PST' => -28800, 'PWT' => 32400, 'PYST' => -10800, 'PYT' => -14400, 'RET' => 14400, 'ROTT' => -10800, 'SAMST' => 18000, 'SAMT' => 14400, 'SAST' => 7200, 'SBT' => 39600, 'SCDT' => 46800, 'SCST' => 43200, 'SCT' => 14400, 'SEST' => 3600, 'SGT' => 28800, 'SIT' => 28800, 'SRT' => -10800, 'SST' => -39600, 'SYST' => 10800, 'SYT' => 7200, 'TFT' => 18000, 'THAT' => -36000, 'TJT' => 18000, 'TKT' => -36000, 'TMT' => 18000, 'TOT' => 46800, 'TPT' => 32400, 'TRUT' => 36000, 'TVT' => 43200, 'TWT' => 28800, 'UYST' => -7200, 'UYT' => -10800, 'UZT' => 18000, 'VET' => -14400, 'VLAST' => 39600, 'VLAT' => 36000, 'VOST' => 21600, 'VUT' => 39600, 'WAST' => 7200, 'WAT' => 3600, 'WDT' => 32400, 'WEST' => 3600, 'WFT' => 43200, 'WIB' => 25200, 'WIT' => 32400, 'WITA' => 28800, 'WKST' => 18000, 'WST' => 28800, 'YAKST' => 36000, 'YAKT' => 32400, 'YAPT' => 36000, 'YEKST' => 21600, 'YEKT' => 18000, ]; /** * Cached PCRE for Date::$day * * @access protected * @var string */ public $day_pcre; /** * Cached PCRE for Date::$month * * @access protected * @var string */ public $month_pcre; /** * Array of user-added callback methods * * @access private * @var array<string> */ public $built_in = []; /** * Array of user-added callback methods * * @access private * @var array<callable(string): (int|false)> */ public $user = []; /** * Create new Date object, and set self::day_pcre, * self::month_pcre, and self::built_in * * @access private */ public function __construct() { $this->day_pcre = '(' . implode('|', array_keys($this->day)) . ')'; $this->month_pcre = '(' . implode('|', array_keys($this->month)) . ')'; static $cache; if (!isset($cache[get_class($this)])) { $all_methods = get_class_methods($this); foreach ($all_methods as $method) { if (strtolower(substr($method, 0, 5)) === 'date_') { $cache[get_class($this)][] = $method; } } } foreach ($cache[get_class($this)] as $method) { $this->built_in[] = $method; } } /** * Get the object * * @access public * @return Date */ public static function get() { static $object; if (!$object) { $object = new Date(); } return $object; } /** * Parse a date * * @final * @access public * @param string $date Date to parse * @return int|false Timestamp corresponding to date string, or false on failure */ public function parse(string $date) { foreach ($this->user as $method) { if (($returned = call_user_func($method, $date)) !== false) { return (int) $returned; } } foreach ($this->built_in as $method) { // TODO: we should really check this in constructor but that would require private properties. /** @var callable(string): (int|false) */ $callable = [$this, $method]; if (($returned = call_user_func($callable, $date)) !== false) { return $returned; } } return false; } /** * Add a callback method to parse a date * * @final * @access public * @param callable $callback * @return void */ public function add_callback(callable $callback) { $this->user[] = $callback; } /** * Parse a superset of W3C-DTF (allows hyphens and colons to be omitted, as * well as allowing any of upper or lower case "T", horizontal tabs, or * spaces to be used as the time separator (including more than one)) * * @access protected * @param string $date * @return int|false Timestamp */ public function date_w3cdtf(string $date) { $pcre = <<<'PCRE' / ^ (?P<year>[0-9]{4}) (?: -? (?P<month>[0-9]{2}) (?: -? (?P<day>[0-9]{2}) (?: [Tt\x09\x20]+ (?P<hour>[0-9]{2}) (?: :? (?P<minute>[0-9]{2}) (?: :? (?P<second>[0-9]{2}) (?: . (?P<second_fraction>[0-9]*) )? )? )? (?: (?P<zulu>Z) | (?P<tz_sign>[+\-]) (?P<tz_hour>[0-9]{1,2}) :? (?P<tz_minute>[0-9]{1,2}) ) )? )? )? $ /x PCRE; if (preg_match($pcre, $date, $match)) { // Fill in empty matches and convert to proper types. $year = (int) $match['year']; $month = isset($match['month']) ? (int) $match['month'] : 1; $day = isset($match['day']) ? (int) $match['day'] : 1; $hour = isset($match['hour']) ? (int) $match['hour'] : 0; $minute = isset($match['minute']) ? (int) $match['minute'] : 0; $second = isset($match['second']) ? (int) $match['second'] : 0; $second_fraction = isset($match['second_fraction']) ? ((int) $match['second_fraction']) / (10 ** strlen($match['second_fraction'])) : 0; $tz_sign = ($match['tz_sign'] ?? '') === '-' ? -1 : 1; $tz_hour = isset($match['tz_hour']) ? (int) $match['tz_hour'] : 0; $tz_minute = isset($match['tz_minute']) ? (int) $match['tz_minute'] : 0; // Numeric timezone $timezone = $tz_hour * 3600; $timezone += $tz_minute * 60; $timezone *= $tz_sign; // Convert the number of seconds to an integer, taking decimals into account $second = (int) round($second + $second_fraction); return gmmktime($hour, $minute, $second, $month, $day, $year) - $timezone; } return false; } /** * Remove RFC822 comments * * @access protected * @param string $string Data to strip comments from * @return string Comment stripped string */ public function remove_rfc2822_comments(string $string) { $position = 0; $length = strlen($string); $depth = 0; $output = ''; while ($position < $length && ($pos = strpos($string, '(', $position)) !== false) { $output .= substr($string, $position, $pos - $position); $position = $pos + 1; if ($pos === 0 || $string[$pos - 1] !== '\\') { $depth++; while ($depth && $position < $length) { $position += strcspn($string, '()', $position); if ($string[$position - 1] === '\\') { $position++; continue; } elseif (isset($string[$position])) { switch ($string[$position]) { case '(': $depth++; break; case ')': $depth--; break; } $position++; } else { break; } } } else { $output .= '('; } } $output .= substr($string, $position); return $output; } /** * Parse RFC2822's date format * * @access protected * @param string $date * @return int|false Timestamp */ public function date_rfc2822(string $date) { static $pcre; if (!$pcre) { $wsp = '[\x09\x20]'; $fws = '(?:' . $wsp . '+|' . $wsp . '*(?:\x0D\x0A' . $wsp . '+)+)'; $optional_fws = $fws . '?'; $day_name = $this->day_pcre; $month = $this->month_pcre; $day = '([0-9]{1,2})'; $hour = $minute = $second = '([0-9]{2})'; $year = '([0-9]{2,4})'; $num_zone = '([+\-])([0-9]{2})([0-9]{2})'; $character_zone = '([A-Z]{1,5})'; $zone = '(?:' . $num_zone . '|' . $character_zone . ')'; $pcre = '/(?:' . $optional_fws . $day_name . $optional_fws . ',)?' . $optional_fws . $day . $fws . $month . $fws . $year . $fws . $hour . $optional_fws . ':' . $optional_fws . $minute . '(?:' . $optional_fws . ':' . $optional_fws . $second . ')?' . $fws . $zone . '/i'; } if (preg_match($pcre, $this->remove_rfc2822_comments($date), $match)) { /* Capturing subpatterns: 1: Day name 2: Day 3: Month 4: Year 5: Hour 6: Minute 7: Second 8: Timezone ± 9: Timezone hours 10: Timezone minutes 11: Alphabetic timezone */ $day = (int) $match[2]; // Find the month number $month = $this->month[strtolower($match[3])]; $year = (int) $match[4]; $hour = (int) $match[5]; $minute = (int) $match[6]; // Second is optional, if it is empty set it to zero $second = (int) $match[7]; $tz_sign = $match[8]; $tz_hour = (int) $match[9]; $tz_minute = (int) $match[10]; $tz_code = isset($match[11]) ? strtoupper($match[11]) : ''; // Numeric timezone if ($tz_sign !== '') { $timezone = $tz_hour * 3600; $timezone += $tz_minute * 60; if ($tz_sign === '-') { $timezone = 0 - $timezone; } } // Character timezone elseif (isset($this->timezone[$tz_code])) { $timezone = $this->timezone[$tz_code]; } // Assume everything else to be -0000 else { $timezone = 0; } // Deal with 2/3 digit years if ($year < 50) { $year += 2000; } elseif ($year < 1000) { $year += 1900; } return gmmktime($hour, $minute, $second, $month, $day, $year) - $timezone; } return false; } /** * Parse RFC850's date format * * @access protected * @param string $date * @return int|false Timestamp */ public function date_rfc850(string $date) { static $pcre; if (!$pcre) { $space = '[\x09\x20]+'; $day_name = $this->day_pcre; $month = $this->month_pcre; $day = '([0-9]{1,2})'; $year = $hour = $minute = $second = '([0-9]{2})'; $zone = '([A-Z]{1,5})'; $pcre = '/^' . $day_name . ',' . $space . $day . '-' . $month . '-' . $year . $space . $hour . ':' . $minute . ':' . $second . $space . $zone . '$/i'; } if (preg_match($pcre, $date, $match)) { /* Capturing subpatterns: 1: Day name 2: Day 3: Month 4: Year 5: Hour 6: Minute 7: Second 8: Timezone */ $day = (int) $match[2]; // Month $month = $this->month[strtolower($match[3])]; $year = (int) $match[4]; $hour = (int) $match[5]; $minute = (int) $match[6]; // Second is optional, if it is empty set it to zero $second = (int) $match[7]; $tz_code = strtoupper($match[8]); // Character timezone if (isset($this->timezone[$tz_code])) { $timezone = $this->timezone[$tz_code]; } // Assume everything else to be -0000 else { $timezone = 0; } // Deal with 2 digit year if ($year < 50) { $year += 2000; } else { $year += 1900; } return gmmktime($hour, $minute, $second, $month, $day, $year) - $timezone; } return false; } /** * Parse C99's asctime()'s date format * * @access protected * @param string $date * @return int|false Timestamp */ public function date_asctime(string $date) { static $pcre; if (!$pcre) { $space = '[\x09\x20]+'; $wday_name = $this->day_pcre; $mon_name = $this->month_pcre; $day = '([0-9]{1,2})'; $hour = $sec = $min = '([0-9]{2})'; $year = '([0-9]{4})'; $terminator = '\x0A?\x00?'; $pcre = '/^' . $wday_name . $space . $mon_name . $space . $day . $space . $hour . ':' . $min . ':' . $sec . $space . $year . $terminator . '$/i'; } if (preg_match($pcre, $date, $match)) { /* Capturing subpatterns: 1: Day name 2: Month 3: Day 4: Hour 5: Minute 6: Second 7: Year */ $month = $this->month[strtolower($match[2])]; return gmmktime((int) $match[4], (int) $match[5], (int) $match[6], $month, (int) $match[3], (int) $match[7]); } return false; } /** * Parse dates using strtotime() * * @access protected * @param string $date * @return int|false Timestamp */ public function date_strtotime(string $date) { $strtotime = strtotime($date); if ($strtotime === -1 || $strtotime === false) { return false; } return $strtotime; } } class_alias('SimplePie\Parse\Date', 'SimplePie_Parse_Date'); Parse/https-detection-20260606164229.php 0000666 00000013341 15226703613 0013053 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Parse/https-migration-20260606064515.php 0000666 00000011205 15226703613 0013060 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parse/https-detection-20260605111237.php 0000666 00000013341 15226703613 0013041 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605171925.php 0000666 00000011205 15226703613 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Parser.php 0000666 00000104064 15226703613 0006527 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use SimplePie\XML\Declaration\Parser as DeclarationParser; use XMLParser; /** * Parses XML into something sane * * * This class can be overloaded with {@see \SimplePie\SimplePie::set_parser_class()} */ class Parser implements RegistryAware { /** @var int */ public $error_code; /** @var string */ public $error_string; /** @var int */ public $current_line; /** @var int */ public $current_column; /** @var int */ public $current_byte; /** @var string */ public $separator = ' '; /** @var string[] */ public $namespace = ['']; /** @var string[] */ public $element = ['']; /** @var string[] */ public $xml_base = ['']; /** @var bool[] */ public $xml_base_explicit = [false]; /** @var string[] */ public $xml_lang = ['']; /** @var array<string, mixed> */ public $data = []; /** @var array<array<string, mixed>> */ public $datas = [[]]; /** @var int */ public $current_xhtml_construct = -1; /** @var string */ public $encoding; /** @var Registry */ protected $registry; /** * @return void */ public function set_registry(\SimplePie\Registry $registry) { $this->registry = $registry; } /** * @return bool */ public function parse(string &$data, string $encoding, string $url = '') { if (class_exists('DOMXpath') && function_exists('Mf2\parse')) { $doc = new \DOMDocument(); @$doc->loadHTML($data); $xpath = new \DOMXpath($doc); // Check for both h-feed and h-entry, as both a feed with no entries // and a list of entries without an h-feed wrapper are both valid. $query = '//*[contains(concat(" ", @class, " "), " h-feed ") or '. 'contains(concat(" ", @class, " "), " h-entry ")]'; /** @var \DOMNodeList<\DOMElement> $result */ $result = $xpath->query($query); if ($result->length !== 0) { return $this->parse_microformats($data, $url); } } // Use UTF-8 if we get passed US-ASCII, as every US-ASCII character is a UTF-8 character if (strtoupper($encoding) === 'US-ASCII') { $this->encoding = 'UTF-8'; } else { $this->encoding = $encoding; } // Strip BOM: // UTF-32 Big Endian BOM if (substr($data, 0, 4) === "\x00\x00\xFE\xFF") { $data = substr($data, 4); } // UTF-32 Little Endian BOM elseif (substr($data, 0, 4) === "\xFF\xFE\x00\x00") { $data = substr($data, 4); } // UTF-16 Big Endian BOM elseif (substr($data, 0, 2) === "\xFE\xFF") { $data = substr($data, 2); } // UTF-16 Little Endian BOM elseif (substr($data, 0, 2) === "\xFF\xFE") { $data = substr($data, 2); } // UTF-8 BOM elseif (substr($data, 0, 3) === "\xEF\xBB\xBF") { $data = substr($data, 3); } if (substr($data, 0, 5) === '<?xml' && strspn(substr($data, 5, 1), "\x09\x0A\x0D\x20") && ($pos = strpos($data, '?>')) !== false) { $declaration = $this->registry->create(DeclarationParser::class, [substr($data, 5, $pos - 5)]); if ($declaration->parse()) { $data = substr($data, $pos + 2); $data = '<?xml version="' . $declaration->version . '" encoding="' . $encoding . '" standalone="' . (($declaration->standalone) ? 'yes' : 'no') . '"?>' . "\n" . self::set_doctype($data); } else { $this->error_string = 'SimplePie bug! Please report this!'; return false; } } else { $data = self::set_doctype($data); } $return = true; static $xml_is_sane = null; if ($xml_is_sane === null) { $parser_check = xml_parser_create(); xml_parse_into_struct($parser_check, '<foo>&</foo>', $values); if (\PHP_VERSION_ID < 80000) { xml_parser_free($parser_check); } $xml_is_sane = isset($values[0]['value']); } // Create the parser if ($xml_is_sane) { $xml = xml_parser_create_ns($this->encoding, $this->separator); xml_parser_set_option($xml, XML_OPTION_SKIP_WHITE, 1); xml_parser_set_option($xml, XML_OPTION_CASE_FOLDING, 0); xml_set_character_data_handler($xml, [$this, 'cdata']); xml_set_element_handler($xml, [$this, 'tag_open'], [$this, 'tag_close']); // Parse! $wrapper = @is_writable(sys_get_temp_dir()) ? 'php://temp' : 'php://memory'; if (($stream = fopen($wrapper, 'r+')) && fwrite($stream, $data) && rewind($stream)) { //Parse by chunks not to use too much memory do { $stream_data = (string) fread($stream, 1048576); if (!xml_parse($xml, $stream_data, feof($stream))) { $this->error_code = xml_get_error_code($xml); $this->error_string = xml_error_string($this->error_code) ?: "Unknown"; $return = false; break; } } while (!feof($stream)); fclose($stream); } else { $return = false; } $this->current_line = xml_get_current_line_number($xml); $this->current_column = xml_get_current_column_number($xml); $this->current_byte = xml_get_current_byte_index($xml); if (\PHP_VERSION_ID < 80000) { xml_parser_free($xml); } return $return; } libxml_clear_errors(); $xml = new \XMLReader(); $xml->xml($data); while (@$xml->read()) { switch ($xml->nodeType) { case \XMLReader::END_ELEMENT: if ($xml->namespaceURI !== '') { $tagName = $xml->namespaceURI . $this->separator . $xml->localName; } else { $tagName = $xml->localName; } $this->tag_close(null, $tagName); break; case \XMLReader::ELEMENT: $empty = $xml->isEmptyElement; if ($xml->namespaceURI !== '') { $tagName = $xml->namespaceURI . $this->separator . $xml->localName; } else { $tagName = $xml->localName; } $attributes = []; while ($xml->moveToNextAttribute()) { if ($xml->namespaceURI !== '') { $attrName = $xml->namespaceURI . $this->separator . $xml->localName; } else { $attrName = $xml->localName; } $attributes[$attrName] = $xml->value; } $this->tag_open(null, $tagName, $attributes); if ($empty) { $this->tag_close(null, $tagName); } break; case \XMLReader::TEXT: case \XMLReader::CDATA: $this->cdata(null, $xml->value); break; } } if ($error = libxml_get_last_error()) { $this->error_code = $error->code; $this->error_string = $error->message; $this->current_line = $error->line; $this->current_column = $error->column; return false; } return true; } /** * @return int */ public function get_error_code() { return $this->error_code; } /** * @return string */ public function get_error_string() { return $this->error_string; } /** * @return int */ public function get_current_line() { return $this->current_line; } /** * @return int */ public function get_current_column() { return $this->current_column; } /** * @return int */ public function get_current_byte() { return $this->current_byte; } /** * @return array<string, mixed> */ public function get_data() { return $this->data; } /** * @param XMLParser|resource|null $parser * @param array<string, string> $attributes * @return void */ public function tag_open($parser, string $tag, array $attributes) { [$this->namespace[], $this->element[]] = $this->split_ns($tag); $attribs = []; foreach ($attributes as $name => $value) { [$attrib_namespace, $attribute] = $this->split_ns($name); $attribs[$attrib_namespace][$attribute] = $value; } if (isset($attribs[\SimplePie\SimplePie::NAMESPACE_XML]['base'])) { $base = $this->registry->call(Misc::class, 'absolutize_url', [$attribs[\SimplePie\SimplePie::NAMESPACE_XML]['base'], end($this->xml_base)]); if ($base !== false) { $this->xml_base[] = $base; $this->xml_base_explicit[] = true; } } else { $this->xml_base[] = end($this->xml_base) ?: ''; $this->xml_base_explicit[] = end($this->xml_base_explicit); } if (isset($attribs[\SimplePie\SimplePie::NAMESPACE_XML]['lang'])) { $this->xml_lang[] = $attribs[\SimplePie\SimplePie::NAMESPACE_XML]['lang']; } else { $this->xml_lang[] = end($this->xml_lang) ?: ''; } if ($this->current_xhtml_construct >= 0) { $this->current_xhtml_construct++; if (end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_XHTML) { $this->data['data'] .= '<' . end($this->element); if (isset($attribs[''])) { foreach ($attribs[''] as $name => $value) { $this->data['data'] .= ' ' . $name . '="' . htmlspecialchars($value, ENT_COMPAT, $this->encoding) . '"'; } } $this->data['data'] .= '>'; } } else { $this->datas[] = &$this->data; $this->data = &$this->data['child'][end($this->namespace)][end($this->element)][]; $this->data = ['data' => '', 'attribs' => $attribs, 'xml_base' => end($this->xml_base), 'xml_base_explicit' => end($this->xml_base_explicit), 'xml_lang' => end($this->xml_lang)]; if ((end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_ATOM_03 && in_array(end($this->element), ['title', 'tagline', 'copyright', 'info', 'summary', 'content']) && isset($attribs['']['mode']) && $attribs['']['mode'] === 'xml') || (end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_ATOM_10 && in_array(end($this->element), ['rights', 'subtitle', 'summary', 'info', 'title', 'content']) && isset($attribs['']['type']) && $attribs['']['type'] === 'xhtml') || (end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_RSS_20 && in_array(end($this->element), ['title'])) || (end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_RSS_090 && in_array(end($this->element), ['title'])) || (end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_RSS_10 && in_array(end($this->element), ['title']))) { $this->current_xhtml_construct = 0; } } } /** * @param XMLParser|resource|null $parser * @return void */ public function cdata($parser, string $cdata) { if ($this->current_xhtml_construct >= 0) { $this->data['data'] .= htmlspecialchars($cdata, ENT_QUOTES, $this->encoding); } else { $this->data['data'] .= $cdata; } } /** * @param XMLParser|resource|null $parser * @return void */ public function tag_close($parser, string $tag) { if ($this->current_xhtml_construct >= 0) { $this->current_xhtml_construct--; if (end($this->namespace) === \SimplePie\SimplePie::NAMESPACE_XHTML && !in_array(end($this->element), ['area', 'base', 'basefont', 'br', 'col', 'frame', 'hr', 'img', 'input', 'isindex', 'link', 'meta', 'param'])) { $this->data['data'] .= '</' . end($this->element) . '>'; } } if ($this->current_xhtml_construct === -1) { $this->data = &$this->datas[count($this->datas) - 1]; array_pop($this->datas); } array_pop($this->element); array_pop($this->namespace); array_pop($this->xml_base); array_pop($this->xml_base_explicit); array_pop($this->xml_lang); } /** * @return array{string, string} */ public function split_ns(string $string) { static $cache = []; if (!isset($cache[$string])) { if ($pos = strpos($string, $this->separator)) { static $separator_length; if (!$separator_length) { $separator_length = strlen($this->separator); } $namespace = substr($string, 0, $pos); $local_name = substr($string, $pos + $separator_length); if (strtolower($namespace) === \SimplePie\SimplePie::NAMESPACE_ITUNES) { $namespace = \SimplePie\SimplePie::NAMESPACE_ITUNES; } // Normalize the Media RSS namespaces if ($namespace === \SimplePie\SimplePie::NAMESPACE_MEDIARSS_WRONG || $namespace === \SimplePie\SimplePie::NAMESPACE_MEDIARSS_WRONG2 || $namespace === \SimplePie\SimplePie::NAMESPACE_MEDIARSS_WRONG3 || $namespace === \SimplePie\SimplePie::NAMESPACE_MEDIARSS_WRONG4 || $namespace === \SimplePie\SimplePie::NAMESPACE_MEDIARSS_WRONG5) { $namespace = \SimplePie\SimplePie::NAMESPACE_MEDIARSS; } $cache[$string] = [$namespace, $local_name]; } else { $cache[$string] = ['', $string]; } } return $cache[$string]; } /** * @param array<string, mixed> $data */ private function parse_hcard(array $data, bool $category = false): string { $name = ''; $link = ''; // Check if h-card is set and pass that information on in the link. if (isset($data['type']) && in_array('h-card', $data['type'])) { if (isset($data['properties']['name'][0])) { $name = $data['properties']['name'][0]; } if (isset($data['properties']['url'][0])) { $link = $data['properties']['url'][0]; if ($name === '') { $name = $link; } else { // can't have commas in categories. $name = str_replace(',', '', $name); } $person_tag = $category ? '<span class="person-tag"></span>' : ''; return '<a class="h-card" href="'.$link.'">'.$person_tag.$name.'</a>'; } } return $data['value'] ?? ''; } /** * @return true */ private function parse_microformats(string &$data, string $url): bool { // For PHPStan, we already check that in call site. \assert(function_exists('Mf2\parse')); \assert(function_exists('Mf2\fetch')); $feed_title = ''; $feed_author = null; $author_cache = []; $items = []; $entries = []; $mf = \Mf2\parse($data, $url); // First look for an h-feed. $h_feed = []; foreach ($mf['items'] as $mf_item) { if (in_array('h-feed', $mf_item['type'])) { $h_feed = $mf_item; break; } // Also look for h-feed or h-entry in the children of each top level item. if (!isset($mf_item['children'][0]['type'])) { continue; } if (in_array('h-feed', $mf_item['children'][0]['type'])) { $h_feed = $mf_item['children'][0]; // In this case the parent of the h-feed may be an h-card, so use it as // the feed_author. if (in_array('h-card', $mf_item['type'])) { $feed_author = $mf_item; } break; } elseif (in_array('h-entry', $mf_item['children'][0]['type'])) { $entries = $mf_item['children']; // In this case the parent of the h-entry list may be an h-card, so use // it as the feed_author. if (in_array('h-card', $mf_item['type'])) { $feed_author = $mf_item; } break; } } if (isset($h_feed['children'])) { $entries = $h_feed['children']; // Also set the feed title and store author from the h-feed if available. if (isset($mf['items'][0]['properties']['name'][0])) { $feed_title = $mf['items'][0]['properties']['name'][0]; } if (isset($mf['items'][0]['properties']['author'][0])) { $feed_author = $mf['items'][0]['properties']['author'][0]; } } elseif (count($entries) === 0) { $entries = $mf['items']; } for ($i = 0; $i < count($entries); $i++) { $entry = $entries[$i]; if (in_array('h-entry', $entry['type'])) { $item = []; $title = ''; $description = ''; if (isset($entry['properties']['url'][0])) { $link = $entry['properties']['url'][0]; if (isset($link['value'])) { $link = $link['value']; } $item['link'] = [['data' => $link]]; } if (isset($entry['properties']['uid'][0])) { $guid = $entry['properties']['uid'][0]; if (isset($guid['value'])) { $guid = $guid['value']; } $item['guid'] = [['data' => $guid]]; } if (isset($entry['properties']['name'][0])) { $title = $entry['properties']['name'][0]; if (isset($title['value'])) { $title = $title['value']; } $item['title'] = [['data' => $title]]; } if (isset($entry['properties']['author'][0]) || isset($feed_author)) { // author is a special case, it can be plain text or an h-card array. // If it's plain text it can also be a url that should be followed to // get the actual h-card. $author = $entry['properties']['author'][0] ?? $feed_author; if (!is_string($author)) { $author = $this->parse_hcard($author); } elseif (strpos($author, 'http') === 0) { if (isset($author_cache[$author])) { $author = $author_cache[$author]; } else { if ($mf = \Mf2\fetch($author)) { foreach ($mf['items'] as $hcard) { // Only interested in an h-card by itself in this case. if (!in_array('h-card', $hcard['type'])) { continue; } // It must have a url property matching what we fetched. if (!isset($hcard['properties']['url']) || !(in_array($author, $hcard['properties']['url']))) { continue; } // Save parse_hcard the trouble of finding the correct url. $hcard['properties']['url'][0] = $author; // Cache this h-card for the next h-entry to check. $author_cache[$author] = $this->parse_hcard($hcard); $author = $author_cache[$author]; break; } } } } $item['author'] = [['data' => $author]]; } if (isset($entry['properties']['photo'][0])) { // If a photo is also in content, don't need to add it again here. $content = ''; if (isset($entry['properties']['content'][0]['html'])) { $content = $entry['properties']['content'][0]['html']; } $photo_list = []; for ($j = 0; $j < count($entry['properties']['photo']); $j++) { $photo = $entry['properties']['photo'][$j]; if (!empty($photo) && strpos($content, $photo) === false) { $photo_list[] = $photo; } } // When there's more than one photo show the first and use a lightbox. // Need a permanent, unique name for the image set, but don't have // anything unique except for the content itself, so use that. $count = count($photo_list); if ($count > 1) { $image_set_id = preg_replace('/[[:^alnum:]]/', '', $photo_list[0]); $description = '<p>'; for ($j = 0; $j < $count; $j++) { $hidden = $j === 0 ? '' : 'class="hidden" '; $description .= '<a href="'.$photo_list[$j].'" '.$hidden. 'data-lightbox="image-set-'.$image_set_id.'">'. '<img src="'.$photo_list[$j].'"></a>'; } $description .= '<br><b>'.$count.' photos</b></p>'; } elseif ($count == 1) { $description = '<p><img src="'.$photo_list[0].'"></p>'; } } if (isset($entry['properties']['content'][0]['html'])) { // e-content['value'] is the same as p-name when they are on the same // element. Use this to replace title with a strip_tags version so // that alt text from images is not included in the title. if ($entry['properties']['content'][0]['value'] === $title) { $title = strip_tags($entry['properties']['content'][0]['html']); $item['title'] = [['data' => $title]]; } $description .= $entry['properties']['content'][0]['html']; if (isset($entry['properties']['in-reply-to'][0])) { $in_reply_to = ''; if (is_string($entry['properties']['in-reply-to'][0])) { $in_reply_to = $entry['properties']['in-reply-to'][0]; } elseif (isset($entry['properties']['in-reply-to'][0]['value'])) { $in_reply_to = $entry['properties']['in-reply-to'][0]['value']; } if ($in_reply_to !== '') { $description .= '<p><span class="in-reply-to"></span> '. '<a href="'.$in_reply_to.'">'.$in_reply_to.'</a><p>'; } } $item['description'] = [['data' => $description]]; } if (isset($entry['properties']['category'])) { $category_csv = ''; // Categories can also contain h-cards. foreach ($entry['properties']['category'] as $category) { if ($category_csv !== '') { $category_csv .= ', '; } if (is_string($category)) { // Can't have commas in categories. $category_csv .= str_replace(',', '', $category); } else { $category_csv .= $this->parse_hcard($category, true); } } $item['category'] = [['data' => $category_csv]]; } if (isset($entry['properties']['published'][0])) { $timestamp = strtotime($entry['properties']['published'][0]); $pub_date = date('F j Y g:ia', $timestamp).' GMT'; $item['pubDate'] = [['data' => $pub_date]]; } // The title and description are set to the empty string to represent // a deleted item (which also makes it an invalid rss item). if (isset($entry['properties']['deleted'][0])) { $item['title'] = [['data' => '']]; $item['description'] = [['data' => '']]; } $items[] = ['child' => ['' => $item]]; } } // Mimic RSS data format when storing microformats. $link = [['data' => $url]]; $image = ''; if (!is_string($feed_author) && isset($feed_author['properties']['photo'][0])) { $image = [['child' => ['' => ['url' => [['data' => $feed_author['properties']['photo'][0]]]]]]]; } // Use the name given for the h-feed, or get the title from the html. if ($feed_title !== '') { $feed_title = [['data' => htmlspecialchars($feed_title)]]; } elseif ($position = strpos($data, '<title>')) { $start = $position < 200 ? 0 : $position - 200; $check = substr($data, $start, 400); $matches = []; if (preg_match('/<title>(.+)<\/title>/', $check, $matches)) { $feed_title = [['data' => htmlspecialchars($matches[1])]]; } } $channel = ['channel' => [['child' => ['' => ['link' => $link, 'image' => $image, 'title' => $feed_title, 'item' => $items]]]]]; $rss = [['attribs' => ['' => ['version' => '2.0']], 'child' => ['' => $channel]]]; $this->data = ['child' => ['' => ['rss' => $rss]]]; return true; } private static function set_doctype(string $data): string { // Strip DOCTYPE except if containing an [internal subset] $data = preg_replace('/^\\s*<!DOCTYPE\\s[^>\\[\\]]*>\s*/', '', $data) ?? $data; // Declare HTML entities only if no remaining DOCTYPE $doctype = preg_match('/^\\s*<!DOCTYPE\\s/', $data) ? '' : self::declare_html_entities(); return $doctype . $data; } private static function declare_html_entities(): string { // This is required because the RSS specification says that entity-encoded // html is allowed, but the xml specification says they must be declared. return '<!DOCTYPE rss [ <!ENTITY nbsp " "> <!ENTITY iexcl "¡"> <!ENTITY cent "¢"> <!ENTITY pound "£"> <!ENTITY curren "¤"> <!ENTITY yen "¥"> <!ENTITY brvbar "¦"> <!ENTITY sect "§"> <!ENTITY uml "¨"> <!ENTITY copy "©"> <!ENTITY ordf "ª"> <!ENTITY laquo "«"> <!ENTITY not "¬"> <!ENTITY shy "­"> <!ENTITY reg "®"> <!ENTITY macr "¯"> <!ENTITY deg "°"> <!ENTITY plusmn "±"> <!ENTITY sup2 "²"> <!ENTITY sup3 "³"> <!ENTITY acute "´"> <!ENTITY micro "µ"> <!ENTITY para "¶"> <!ENTITY middot "·"> <!ENTITY cedil "¸"> <!ENTITY sup1 "¹"> <!ENTITY ordm "º"> <!ENTITY raquo "»"> <!ENTITY frac14 "¼"> <!ENTITY frac12 "½"> <!ENTITY frac34 "¾"> <!ENTITY iquest "¿"> <!ENTITY Agrave "À"> <!ENTITY Aacute "Á"> <!ENTITY Acirc "Â"> <!ENTITY Atilde "Ã"> <!ENTITY Auml "Ä"> <!ENTITY Aring "Å"> <!ENTITY AElig "Æ"> <!ENTITY Ccedil "Ç"> <!ENTITY Egrave "È"> <!ENTITY Eacute "É"> <!ENTITY Ecirc "Ê"> <!ENTITY Euml "Ë"> <!ENTITY Igrave "Ì"> <!ENTITY Iacute "Í"> <!ENTITY Icirc "Î"> <!ENTITY Iuml "Ï"> <!ENTITY ETH "Ð"> <!ENTITY Ntilde "Ñ"> <!ENTITY Ograve "Ò"> <!ENTITY Oacute "Ó"> <!ENTITY Ocirc "Ô"> <!ENTITY Otilde "Õ"> <!ENTITY Ouml "Ö"> <!ENTITY times "×"> <!ENTITY Oslash "Ø"> <!ENTITY Ugrave "Ù"> <!ENTITY Uacute "Ú"> <!ENTITY Ucirc "Û"> <!ENTITY Uuml "Ü"> <!ENTITY Yacute "Ý"> <!ENTITY THORN "Þ"> <!ENTITY szlig "ß"> <!ENTITY agrave "à"> <!ENTITY aacute "á"> <!ENTITY acirc "â"> <!ENTITY atilde "ã"> <!ENTITY auml "ä"> <!ENTITY aring "å"> <!ENTITY aelig "æ"> <!ENTITY ccedil "ç"> <!ENTITY egrave "è"> <!ENTITY eacute "é"> <!ENTITY ecirc "ê"> <!ENTITY euml "ë"> <!ENTITY igrave "ì"> <!ENTITY iacute "í"> <!ENTITY icirc "î"> <!ENTITY iuml "ï"> <!ENTITY eth "ð"> <!ENTITY ntilde "ñ"> <!ENTITY ograve "ò"> <!ENTITY oacute "ó"> <!ENTITY ocirc "ô"> <!ENTITY otilde "õ"> <!ENTITY ouml "ö"> <!ENTITY divide "÷"> <!ENTITY oslash "ø"> <!ENTITY ugrave "ù"> <!ENTITY uacute "ú"> <!ENTITY ucirc "û"> <!ENTITY uuml "ü"> <!ENTITY yacute "ý"> <!ENTITY thorn "þ"> <!ENTITY yuml "ÿ"> <!ENTITY OElig "Œ"> <!ENTITY oelig "œ"> <!ENTITY Scaron "Š"> <!ENTITY scaron "š"> <!ENTITY Yuml "Ÿ"> <!ENTITY fnof "ƒ"> <!ENTITY circ "ˆ"> <!ENTITY tilde "˜"> <!ENTITY Alpha "Α"> <!ENTITY Beta "Β"> <!ENTITY Gamma "Γ"> <!ENTITY Epsilon "Ε"> <!ENTITY Zeta "Ζ"> <!ENTITY Eta "Η"> <!ENTITY Theta "Θ"> <!ENTITY Iota "Ι"> <!ENTITY Kappa "Κ"> <!ENTITY Lambda "Λ"> <!ENTITY Mu "Μ"> <!ENTITY Nu "Ν"> <!ENTITY Xi "Ξ"> <!ENTITY Omicron "Ο"> <!ENTITY Pi "Π"> <!ENTITY Rho "Ρ"> <!ENTITY Sigma "Σ"> <!ENTITY Tau "Τ"> <!ENTITY Upsilon "Υ"> <!ENTITY Phi "Φ"> <!ENTITY Chi "Χ"> <!ENTITY Psi "Ψ"> <!ENTITY Omega "Ω"> <!ENTITY alpha "α"> <!ENTITY beta "β"> <!ENTITY gamma "γ"> <!ENTITY delta "δ"> <!ENTITY epsilon "ε"> <!ENTITY zeta "ζ"> <!ENTITY eta "η"> <!ENTITY theta "θ"> <!ENTITY iota "ι"> <!ENTITY kappa "κ"> <!ENTITY lambda "λ"> <!ENTITY mu "μ"> <!ENTITY nu "ν"> <!ENTITY xi "ξ"> <!ENTITY omicron "ο"> <!ENTITY pi "π"> <!ENTITY rho "ρ"> <!ENTITY sigmaf "ς"> <!ENTITY sigma "σ"> <!ENTITY tau "τ"> <!ENTITY upsilon "υ"> <!ENTITY phi "φ"> <!ENTITY chi "χ"> <!ENTITY psi "ψ"> <!ENTITY omega "ω"> <!ENTITY thetasym "ϑ"> <!ENTITY upsih "ϒ"> <!ENTITY piv "ϖ"> <!ENTITY ensp " "> <!ENTITY emsp " "> <!ENTITY thinsp " "> <!ENTITY zwnj "‌"> <!ENTITY zwj "‍"> <!ENTITY lrm "‎"> <!ENTITY rlm "‏"> <!ENTITY ndash "–"> <!ENTITY mdash "—"> <!ENTITY lsquo "‘"> <!ENTITY rsquo "’"> <!ENTITY sbquo "‚"> <!ENTITY ldquo "“"> <!ENTITY rdquo "”"> <!ENTITY bdquo "„"> <!ENTITY dagger "†"> <!ENTITY Dagger "‡"> <!ENTITY bull "•"> <!ENTITY hellip "…"> <!ENTITY permil "‰"> <!ENTITY prime "′"> <!ENTITY Prime "″"> <!ENTITY lsaquo "‹"> <!ENTITY rsaquo "›"> <!ENTITY oline "‾"> <!ENTITY frasl "⁄"> <!ENTITY euro "€"> <!ENTITY image "ℑ"> <!ENTITY weierp "℘"> <!ENTITY real "ℜ"> <!ENTITY trade "™"> <!ENTITY alefsym "ℵ"> <!ENTITY larr "←"> <!ENTITY uarr "↑"> <!ENTITY rarr "→"> <!ENTITY darr "↓"> <!ENTITY harr "↔"> <!ENTITY crarr "↵"> <!ENTITY lArr "⇐"> <!ENTITY uArr "⇑"> <!ENTITY rArr "⇒"> <!ENTITY dArr "⇓"> <!ENTITY hArr "⇔"> <!ENTITY forall "∀"> <!ENTITY part "∂"> <!ENTITY exist "∃"> <!ENTITY empty "∅"> <!ENTITY nabla "∇"> <!ENTITY isin "∈"> <!ENTITY notin "∉"> <!ENTITY ni "∋"> <!ENTITY prod "∏"> <!ENTITY sum "∑"> <!ENTITY minus "−"> <!ENTITY lowast "∗"> <!ENTITY radic "√"> <!ENTITY prop "∝"> <!ENTITY infin "∞"> <!ENTITY ang "∠"> <!ENTITY and "∧"> <!ENTITY or "∨"> <!ENTITY cap "∩"> <!ENTITY cup "∪"> <!ENTITY int "∫"> <!ENTITY there4 "∴"> <!ENTITY sim "∼"> <!ENTITY cong "≅"> <!ENTITY asymp "≈"> <!ENTITY ne "≠"> <!ENTITY equiv "≡"> <!ENTITY le "≤"> <!ENTITY ge "≥"> <!ENTITY sub "⊂"> <!ENTITY sup "⊃"> <!ENTITY nsub "⊄"> <!ENTITY sube "⊆"> <!ENTITY supe "⊇"> <!ENTITY oplus "⊕"> <!ENTITY otimes "⊗"> <!ENTITY perp "⊥"> <!ENTITY sdot "⋅"> <!ENTITY lceil "⌈"> <!ENTITY rceil "⌉"> <!ENTITY lfloor "⌊"> <!ENTITY rfloor "⌋"> <!ENTITY lang "〈"> <!ENTITY rang "〉"> <!ENTITY loz "◊"> <!ENTITY spades "♠"> <!ENTITY clubs "♣"> <!ENTITY hearts "♥"> <!ENTITY diams "♦"> ]>'; } } class_alias('SimplePie\Parser', 'SimplePie_Parser'); https-migration-20260605191208.php 0000666 00000011205 15226703613 0012005 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605070331.php 0000666 00000013341 15226703613 0011766 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606132425.php 0000666 00000013341 15226703613 0011772 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606103247.php 0000666 00000011205 15226703613 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Cache.php 0000666 00000006260 15226703613 0006275 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use SimplePie\Cache\Base; /** * Used to create cache objects * * This class can be overloaded with {@see SimplePie::set_cache_class()}, * although the preferred way is to create your own handler * via {@see register()} * * @deprecated since SimplePie 1.8.0, use "SimplePie\SimplePie::set_cache()" instead */ class Cache { /** * Cache handler classes * * These receive 3 parameters to their constructor, as documented in * {@see register()} * @var array<string, class-string<Base>> */ protected static $handlers = [ 'mysql' => Cache\MySQL::class, 'memcache' => Cache\Memcache::class, 'memcached' => Cache\Memcached::class, 'redis' => Cache\Redis::class, ]; /** * Don't call the constructor. Please. */ private function __construct() { } /** * Create a new SimplePie\Cache object * * @param string $location URL location (scheme is used to determine handler) * @param string $filename Unique identifier for cache object * @param Base::TYPE_FEED|Base::TYPE_IMAGE $extension 'spi' or 'spc' * @return Base Type of object depends on scheme of `$location` */ public static function get_handler(string $location, string $filename, $extension) { $type = explode(':', $location, 2); $type = $type[0]; if (!empty(self::$handlers[$type])) { $class = self::$handlers[$type]; return new $class($location, $filename, $extension); } return new \SimplePie\Cache\File($location, $filename, $extension); } /** * Create a new SimplePie\Cache object * * @deprecated since SimplePie 1.3.1, use {@see get_handler()} instead * @param string $location * @param string $filename * @param Base::TYPE_FEED|Base::TYPE_IMAGE $extension * @return Base */ public function create(string $location, string $filename, $extension) { trigger_error('Cache::create() has been replaced with Cache::get_handler() since SimplePie 1.3.1, use the registry system instead.', \E_USER_DEPRECATED); return self::get_handler($location, $filename, $extension); } /** * Register a handler * * @param string $type DSN type to register for * @param class-string<Base> $class Name of handler class. Must implement Base * @return void */ public static function register(string $type, $class) { self::$handlers[$type] = $class; } /** * Parse a URL into an array * * @param string $url * @return array<string, mixed> */ public static function parse_URL(string $url) { $parsedUrl = parse_url($url); if ($parsedUrl === false) { return []; } $params = array_merge($parsedUrl, ['extras' => []]); if (isset($params['query'])) { parse_str($params['query'], $params['extras']); } return $params; } } class_alias('SimplePie\Cache', 'SimplePie_Cache'); class-wp-exception.php 0000666 00000000375 15226703613 0011020 0 ustar 00 <?php /** * WP_Exception class * * @package WordPress * @since 6.7.0 */ /** * Core base Exception class. * * Future, more specific, Exceptions should always extend this base class. * * @since 6.7.0 */ class WP_Exception extends Exception {} RegistryAware.php 0000666 00000000677 15226703613 0010070 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Handles the injection of Registry into other class * * {@see \SimplePie\SimplePie::get_registry()} */ interface RegistryAware { /** * Set the Registry into the class * * @return void */ public function set_registry(Registry $registry); } Locator.php 0000666 00000040473 15226703613 0006701 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use DomDocument; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use SimplePie\HTTP\Client; use SimplePie\HTTP\ClientException; use SimplePie\HTTP\FileClient; use SimplePie\HTTP\Psr18Client; use SimplePie\HTTP\Response; /** * Used for feed auto-discovery * * * This class can be overloaded with {@see \SimplePie\SimplePie::set_locator_class()} */ class Locator implements RegistryAware { /** @var ?string */ public $useragent = null; /** @var int */ public $timeout = 10; /** @var File */ public $file; /** @var string[] */ public $local = []; /** @var string[] */ public $elsewhere = []; /** @var array<mixed> */ public $cached_entities = []; /** @var string */ public $http_base; /** @var string */ public $base; /** @var int */ public $base_location = 0; /** @var int */ public $checked_feeds = 0; /** @var int */ public $max_checked_feeds = 10; /** @var bool */ public $force_fsockopen = false; /** @var array<int, mixed> */ public $curl_options = []; /** @var ?\DomDocument */ public $dom; /** @var ?Registry */ protected $registry; /** * @var Client|null */ private $http_client = null; /** * @param array<int, mixed> $curl_options */ public function __construct(File $file, int $timeout = 10, ?string $useragent = null, int $max_checked_feeds = 10, bool $force_fsockopen = false, array $curl_options = []) { $this->file = $file; $this->useragent = $useragent; $this->timeout = $timeout; $this->max_checked_feeds = $max_checked_feeds; $this->force_fsockopen = $force_fsockopen; $this->curl_options = $curl_options; $body = $this->file->get_body_content(); if (class_exists('DOMDocument') && $body != '') { $this->dom = new \DOMDocument(); set_error_handler([Misc::class, 'silence_errors']); try { $this->dom->loadHTML($body); } catch (\Throwable $ex) { $this->dom = null; } restore_error_handler(); } else { $this->dom = null; } } /** * Set a PSR-18 client and PSR-17 factories * * Allows you to use your own HTTP client implementations. */ final public function set_http_client( ClientInterface $http_client, RequestFactoryInterface $request_factory, UriFactoryInterface $uri_factory ): void { $this->http_client = new Psr18Client($http_client, $request_factory, $uri_factory); } /** * @return void */ public function set_registry(\SimplePie\Registry $registry) { $this->registry = $registry; } /** * @param SimplePie::LOCATOR_* $type * @param array<Response>|null $working * @return Response|null */ public function find(int $type = \SimplePie\SimplePie::LOCATOR_ALL, ?array &$working = null) { assert($this->registry !== null); if ($this->is_feed($this->file)) { return $this->file; } if (Misc::is_remote_uri($this->file->get_final_requested_uri())) { $sniffer = $this->registry->create(Content\Type\Sniffer::class, [$this->file]); if ($sniffer->get_type() !== 'text/html') { return null; } } if ($type & ~\SimplePie\SimplePie::LOCATOR_NONE) { $this->get_base(); } if ($type & \SimplePie\SimplePie::LOCATOR_AUTODISCOVERY && $working = $this->autodiscovery()) { return $working[0]; } if ($type & (\SimplePie\SimplePie::LOCATOR_LOCAL_EXTENSION | \SimplePie\SimplePie::LOCATOR_LOCAL_BODY | \SimplePie\SimplePie::LOCATOR_REMOTE_EXTENSION | \SimplePie\SimplePie::LOCATOR_REMOTE_BODY) && $this->get_links()) { if ($type & \SimplePie\SimplePie::LOCATOR_LOCAL_EXTENSION && $working = $this->extension($this->local)) { return $working[0]; } if ($type & \SimplePie\SimplePie::LOCATOR_LOCAL_BODY && $working = $this->body($this->local)) { return $working[0]; } if ($type & \SimplePie\SimplePie::LOCATOR_REMOTE_EXTENSION && $working = $this->extension($this->elsewhere)) { return $working[0]; } if ($type & \SimplePie\SimplePie::LOCATOR_REMOTE_BODY && $working = $this->body($this->elsewhere)) { return $working[0]; } } return null; } /** * @return bool */ public function is_feed(Response $file, bool $check_html = false) { assert($this->registry !== null); if (Misc::is_remote_uri($file->get_final_requested_uri())) { $sniffer = $this->registry->create(Content\Type\Sniffer::class, [$file]); $sniffed = $sniffer->get_type(); $mime_types = ['application/rss+xml', 'application/rdf+xml', 'text/rdf', 'application/atom+xml', 'text/xml', 'application/xml', 'application/x-rss+xml']; if ($check_html) { $mime_types[] = 'text/html'; } return in_array($sniffed, $mime_types); } elseif (is_file($file->get_final_requested_uri())) { return true; } else { return false; } } /** * @return void */ public function get_base() { assert($this->registry !== null); if ($this->dom === null) { throw new \SimplePie\Exception('DOMDocument not found, unable to use locator'); } $this->http_base = $this->file->get_final_requested_uri(); $this->base = $this->http_base; $elements = $this->dom->getElementsByTagName('base'); foreach ($elements as $element) { if ($element->hasAttribute('href')) { $base = $this->registry->call(Misc::class, 'absolutize_url', [trim($element->getAttribute('href')), $this->http_base]); if ($base === false) { continue; } $this->base = $base; $this->base_location = method_exists($element, 'getLineNo') ? $element->getLineNo() : 0; break; } } } /** * @return array<Response>|null */ public function autodiscovery() { $done = []; $feeds = []; $feeds = array_merge($feeds, $this->search_elements_by_tag('link', $done, $feeds)); $feeds = array_merge($feeds, $this->search_elements_by_tag('a', $done, $feeds)); $feeds = array_merge($feeds, $this->search_elements_by_tag('area', $done, $feeds)); if (!empty($feeds)) { return array_values($feeds); } return null; } /** * @param string[] $done * @param array<string, Response> $feeds * @return array<string, Response> */ protected function search_elements_by_tag(string $name, array &$done, array $feeds) { assert($this->registry !== null); if ($this->dom === null) { throw new \SimplePie\Exception('DOMDocument not found, unable to use locator'); } $links = $this->dom->getElementsByTagName($name); foreach ($links as $link) { if ($this->checked_feeds === $this->max_checked_feeds) { break; } if ($link->hasAttribute('href') && $link->hasAttribute('rel')) { $rel = array_unique($this->registry->call(Misc::class, 'space_separated_tokens', [strtolower($link->getAttribute('rel'))])); $line = method_exists($link, 'getLineNo') ? $link->getLineNo() : 1; if ($this->base_location < $line) { $href = $this->registry->call(Misc::class, 'absolutize_url', [trim($link->getAttribute('href')), $this->base]); } else { $href = $this->registry->call(Misc::class, 'absolutize_url', [trim($link->getAttribute('href')), $this->http_base]); } if ($href === false) { continue; } if (!in_array($href, $done) && in_array('feed', $rel) || (in_array('alternate', $rel) && !in_array('stylesheet', $rel) && $link->hasAttribute('type') && in_array(strtolower($this->registry->call(Misc::class, 'parse_mime', [$link->getAttribute('type')])), ['text/html', 'application/rss+xml', 'application/atom+xml'])) && !isset($feeds[$href])) { $this->checked_feeds++; $headers = [ 'Accept' => SimplePie::DEFAULT_HTTP_ACCEPT_HEADER, ]; try { $feed = $this->get_http_client()->request(Client::METHOD_GET, $href, $headers); if ((!Misc::is_remote_uri($feed->get_final_requested_uri()) || ($feed->get_status_code() === 200 || $feed->get_status_code() > 206 && $feed->get_status_code() < 300)) && $this->is_feed($feed, true)) { $feeds[$href] = $feed; } } catch (ClientException $th) { // Just mark it as done and continue. } } $done[] = $href; } } return $feeds; } /** * @return true|null */ public function get_links() { assert($this->registry !== null); if ($this->dom === null) { throw new \SimplePie\Exception('DOMDocument not found, unable to use locator'); } $links = $this->dom->getElementsByTagName('a'); foreach ($links as $link) { if ($link->hasAttribute('href')) { $href = trim($link->getAttribute('href')); $parsed = $this->registry->call(Misc::class, 'parse_url', [$href]); if ($parsed['scheme'] === '' || preg_match('/^(https?|feed)?$/i', $parsed['scheme'])) { if (method_exists($link, 'getLineNo') && $this->base_location < $link->getLineNo()) { $href = $this->registry->call(Misc::class, 'absolutize_url', [trim($link->getAttribute('href')), $this->base]); } else { $href = $this->registry->call(Misc::class, 'absolutize_url', [trim($link->getAttribute('href')), $this->http_base]); } if ($href === false) { continue; } $current = $this->registry->call(Misc::class, 'parse_url', [$this->file->get_final_requested_uri()]); if ($parsed['authority'] === '' || $parsed['authority'] === $current['authority']) { $this->local[] = $href; } else { $this->elsewhere[] = $href; } } } } $this->local = array_unique($this->local); $this->elsewhere = array_unique($this->elsewhere); if (!empty($this->local) || !empty($this->elsewhere)) { return true; } return null; } /** * Extracts first `link` element with given `rel` attribute inside the `head` element. * * @return string|null */ public function get_rel_link(string $rel) { assert($this->registry !== null); if ($this->dom === null) { throw new \SimplePie\Exception('DOMDocument not found, unable to use '. 'locator'); } if (!class_exists('DOMXpath')) { throw new \SimplePie\Exception('DOMXpath not found, unable to use '. 'get_rel_link'); } $xpath = new \DOMXpath($this->dom); $query = '(//head)[1]/link[@rel and @href]'; /** @var \DOMNodeList<\DOMElement> */ $queryResult = $xpath->query($query); foreach ($queryResult as $link) { $href = trim($link->getAttribute('href')); $parsed = $this->registry->call(Misc::class, 'parse_url', [$href]); if ($parsed['scheme'] === '' || preg_match('/^https?$/i', $parsed['scheme'])) { if (method_exists($link, 'getLineNo') && $this->base_location < $link->getLineNo()) { $href = $this->registry->call( Misc::class, 'absolutize_url', [trim($link->getAttribute('href')), $this->base] ); } else { $href = $this->registry->call( Misc::class, 'absolutize_url', [trim($link->getAttribute('href')), $this->http_base] ); } if ($href === false) { return null; } $rel_values = explode(' ', strtolower($link->getAttribute('rel'))); if (in_array($rel, $rel_values)) { return $href; } } } return null; } /** * @param string[] $array * @return array<Response>|null */ public function extension(array &$array) { foreach ($array as $key => $value) { if ($this->checked_feeds === $this->max_checked_feeds) { break; } $extension = strrchr($value, '.'); if ($extension !== false && in_array(strtolower($extension), ['.rss', '.rdf', '.atom', '.xml'])) { $this->checked_feeds++; $headers = [ 'Accept' => SimplePie::DEFAULT_HTTP_ACCEPT_HEADER, ]; try { $feed = $this->get_http_client()->request(Client::METHOD_GET, $value, $headers); if ((!Misc::is_remote_uri($feed->get_final_requested_uri()) || ($feed->get_status_code() === 200 || $feed->get_status_code() > 206 && $feed->get_status_code() < 300)) && $this->is_feed($feed)) { return [$feed]; } } catch (ClientException $th) { // Just unset and continue. } unset($array[$key]); } } return null; } /** * @param string[] $array * @return array<Response>|null */ public function body(array &$array) { foreach ($array as $key => $value) { if ($this->checked_feeds === $this->max_checked_feeds) { break; } if (preg_match('/(feed|rss|rdf|atom|xml)/i', $value)) { $this->checked_feeds++; $headers = [ 'Accept' => SimplePie::DEFAULT_HTTP_ACCEPT_HEADER, ]; try { $feed = $this->get_http_client()->request(Client::METHOD_GET, $value, $headers); if ((!Misc::is_remote_uri($feed->get_final_requested_uri()) || ($feed->get_status_code() === 200 || $feed->get_status_code() > 206 && $feed->get_status_code() < 300)) && $this->is_feed($feed)) { return [$feed]; } } catch (ClientException $th) { // Just unset and continue. } unset($array[$key]); } } return null; } /** * Get a HTTP client */ private function get_http_client(): Client { assert($this->registry !== null); if ($this->http_client === null) { $options = [ 'timeout' => $this->timeout, 'redirects' => 5, 'force_fsockopen' => $this->force_fsockopen, 'curl_options' => $this->curl_options, ]; if ($this->useragent !== null) { $options['useragent'] = $this->useragent; } return new FileClient( $this->registry, $options ); } return $this->http_client; } } class_alias('SimplePie\Locator', 'SimplePie_Locator', false); Misc.php 0000666 00000210245 15226703613 0006165 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use SimplePie\XML\Declaration\Parser; /** * Miscellaneous utilities */ class Misc { /** @var int|null */ private static $SIMPLEPIE_BUILD = null; /** * @return string */ public static function time_hms(int $seconds) { $time = ''; $hours = floor($seconds / 3600); $remainder = $seconds % 3600; if ($hours > 0) { $time .= $hours.':'; } $minutes = floor($remainder / 60); $seconds = $remainder % 60; if ($minutes < 10 && $hours > 0) { $minutes = '0' . $minutes; } if ($seconds < 10) { $seconds = '0' . $seconds; } $time .= $minutes.':'; $time .= $seconds; return $time; } /** * @return string|false */ public static function absolutize_url(string $relative, string $base) { $iri = \SimplePie\IRI::absolutize(new \SimplePie\IRI($base), $relative); if ($iri === false) { return false; } return $iri->get_uri(); } /** * @internal */ public static function is_remote_uri(string $uri): bool { return preg_match('/^https?:\/\//i', $uri) === 1; } /** * Get a HTML/XML element from a HTML string * * @deprecated since SimplePie 1.3, use DOMDocument instead (parsing HTML with regex is bad!) * @param string $realname Element name (including namespace prefix if applicable) * @param string $string HTML document * @return array<array{tag: string, self_closing: bool, attribs: array<string, array{data: string}>, content?: string}> */ public static function get_element(string $realname, string $string) { // trigger_error(sprintf('Using method "' . __METHOD__ . '" is deprecated since SimplePie 1.3, use "DOMDocument" instead.'), \E_USER_DEPRECATED); $return = []; $name = preg_quote($realname, '/'); if (preg_match_all("/<($name)" . \SimplePie\SimplePie::PCRE_HTML_ATTRIBUTE . "(>(.*)<\/$name>|(\/)?>)/siU", $string, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) { for ($i = 0, $total_matches = count($matches); $i < $total_matches; $i++) { $return[$i]['tag'] = $realname; $return[$i]['full'] = $matches[$i][0][0]; $return[$i]['offset'] = $matches[$i][0][1]; if (strlen($matches[$i][3][0]) <= 2) { $return[$i]['self_closing'] = true; } else { $return[$i]['self_closing'] = false; $return[$i]['content'] = $matches[$i][4][0]; } $return[$i]['attribs'] = []; if (isset($matches[$i][2][0]) && preg_match_all('/[\x09\x0A\x0B\x0C\x0D\x20]+([^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*)(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"([^"]*)"|\'([^\']*)\'|([^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?/', ' ' . $matches[$i][2][0] . ' ', $attribs, PREG_SET_ORDER)) { foreach ($attribs as $attrib) { if (count($attrib) === 2) { $attrib[2] = $attrib[1]; } $return[$i]['attribs'][strtolower($attrib[1])]['data'] = Misc::entities_decode(end($attrib)); } } } } return $return; } /** * @deprecated since SimplePie 1.9.0. If you need it, you can copy the function to your codebase. But you should consider using `DOMDocument` for any DOM wrangling. * @param array{tag: string, self_closing: bool, attribs: array<string, array{data: string}>, content: string} $element * @return string */ public static function element_implode(array $element) { // trigger_error(sprintf('Using method "' . __METHOD__ . '" is deprecated since SimplePie 1.9.'), \E_USER_DEPRECATED); $full = "<{$element['tag']}"; foreach ($element['attribs'] as $key => $value) { $key = strtolower($key); $full .= " $key=\"" . htmlspecialchars($value['data'], ENT_COMPAT, 'UTF-8') . '"'; } if ($element['self_closing']) { $full .= ' />'; } else { $full .= ">{$element['content']}</{$element['tag']}>"; } return $full; } /** * @param string $message * @param int $level * @param string $file * @param int $line * @return string */ public static function error(string $message, int $level, string $file, int $line) { if ((error_reporting() & $level) > 0) { switch ($level) { case E_USER_ERROR: $note = 'PHP Error'; break; case E_USER_WARNING: $note = 'PHP Warning'; break; case E_USER_NOTICE: $note = 'PHP Notice'; break; default: $note = 'Unknown Error'; break; } $log_error = true; if (!function_exists('error_log')) { $log_error = false; } $log_file = @ini_get('error_log'); if (!empty($log_file) && ('syslog' !== $log_file) && !@is_writable($log_file)) { $log_error = false; } if ($log_error) { @error_log("$note: $message in $file on line $line", 0); } } return $message; } /** * @return string */ public static function fix_protocol(string $url, int $http = 1) { $url = Misc::normalize_url($url); $parsed = Misc::parse_url($url); if ($parsed['scheme'] !== '' && $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') { return Misc::fix_protocol(Misc::compress_parse_url('http', $parsed['authority'], $parsed['path'], $parsed['query'], $parsed['fragment']), $http); } if ($parsed['scheme'] === '' && $parsed['authority'] === '' && !file_exists($url)) { return Misc::fix_protocol(Misc::compress_parse_url('http', $parsed['path'], '', $parsed['query'], $parsed['fragment']), $http); } if ($http === 2 && $parsed['scheme'] !== '') { return "feed:$url"; } elseif ($http === 3 && strtolower($parsed['scheme']) === 'http') { return substr_replace($url, 'podcast', 0, 4); } elseif ($http === 4 && strtolower($parsed['scheme']) === 'http') { return substr_replace($url, 'itpc', 0, 4); } return $url; } /** * @deprecated since SimplePie 1.8.0, use PHP native array_replace_recursive() instead. * @param array<mixed> $array1 * @param array<mixed> $array2 * @return array<mixed> */ public static function array_merge_recursive(array $array1, array $array2) { foreach ($array2 as $key => $value) { if (is_array($value)) { $array1[$key] = Misc::array_merge_recursive($array1[$key], $value); } else { $array1[$key] = $value; } } return $array1; } /** * @return array<string, string> */ public static function parse_url(string $url) { $iri = new \SimplePie\IRI($url); return [ 'scheme' => (string) $iri->scheme, 'authority' => (string) $iri->authority, 'path' => (string) $iri->path, 'query' => (string) $iri->query, 'fragment' => (string) $iri->fragment ]; } /** * @return string */ public static function compress_parse_url(string $scheme = '', string $authority = '', string $path = '', string $query = '', ?string $fragment = '') { $iri = new \SimplePie\IRI(''); $iri->scheme = $scheme; $iri->authority = $authority; $iri->path = $path; $iri->query = $query; $iri->fragment = $fragment; return $iri->get_uri(); } /** * @return string */ public static function normalize_url(string $url) { $iri = new \SimplePie\IRI($url); return $iri->get_uri(); } /** * @deprecated since SimplePie 1.9.0. This functionality is part of `IRI` – if you need it standalone, consider copying the function to your codebase. * @param array<int, string> $match * @return string */ public static function percent_encoding_normalization(array $match) { $integer = hexdec($match[1]); if ($integer >= 0x41 && $integer <= 0x5A || $integer >= 0x61 && $integer <= 0x7A || $integer >= 0x30 && $integer <= 0x39 || $integer === 0x2D || $integer === 0x2E || $integer === 0x5F || $integer === 0x7E) { // Cast for PHPStan, the value would only be float when above PHP_INT_MAX, which would not go in this branch. return chr((int) $integer); } return strtoupper($match[0]); } /** * Converts a Windows-1252 encoded string to a UTF-8 encoded string * * @static * @param string $string Windows-1252 encoded string * @return string UTF-8 encoded string */ public static function windows_1252_to_utf8(string $string) { static $convert_table = ["\x80" => "\xE2\x82\xAC", "\x81" => "\xEF\xBF\xBD", "\x82" => "\xE2\x80\x9A", "\x83" => "\xC6\x92", "\x84" => "\xE2\x80\x9E", "\x85" => "\xE2\x80\xA6", "\x86" => "\xE2\x80\xA0", "\x87" => "\xE2\x80\xA1", "\x88" => "\xCB\x86", "\x89" => "\xE2\x80\xB0", "\x8A" => "\xC5\xA0", "\x8B" => "\xE2\x80\xB9", "\x8C" => "\xC5\x92", "\x8D" => "\xEF\xBF\xBD", "\x8E" => "\xC5\xBD", "\x8F" => "\xEF\xBF\xBD", "\x90" => "\xEF\xBF\xBD", "\x91" => "\xE2\x80\x98", "\x92" => "\xE2\x80\x99", "\x93" => "\xE2\x80\x9C", "\x94" => "\xE2\x80\x9D", "\x95" => "\xE2\x80\xA2", "\x96" => "\xE2\x80\x93", "\x97" => "\xE2\x80\x94", "\x98" => "\xCB\x9C", "\x99" => "\xE2\x84\xA2", "\x9A" => "\xC5\xA1", "\x9B" => "\xE2\x80\xBA", "\x9C" => "\xC5\x93", "\x9D" => "\xEF\xBF\xBD", "\x9E" => "\xC5\xBE", "\x9F" => "\xC5\xB8", "\xA0" => "\xC2\xA0", "\xA1" => "\xC2\xA1", "\xA2" => "\xC2\xA2", "\xA3" => "\xC2\xA3", "\xA4" => "\xC2\xA4", "\xA5" => "\xC2\xA5", "\xA6" => "\xC2\xA6", "\xA7" => "\xC2\xA7", "\xA8" => "\xC2\xA8", "\xA9" => "\xC2\xA9", "\xAA" => "\xC2\xAA", "\xAB" => "\xC2\xAB", "\xAC" => "\xC2\xAC", "\xAD" => "\xC2\xAD", "\xAE" => "\xC2\xAE", "\xAF" => "\xC2\xAF", "\xB0" => "\xC2\xB0", "\xB1" => "\xC2\xB1", "\xB2" => "\xC2\xB2", "\xB3" => "\xC2\xB3", "\xB4" => "\xC2\xB4", "\xB5" => "\xC2\xB5", "\xB6" => "\xC2\xB6", "\xB7" => "\xC2\xB7", "\xB8" => "\xC2\xB8", "\xB9" => "\xC2\xB9", "\xBA" => "\xC2\xBA", "\xBB" => "\xC2\xBB", "\xBC" => "\xC2\xBC", "\xBD" => "\xC2\xBD", "\xBE" => "\xC2\xBE", "\xBF" => "\xC2\xBF", "\xC0" => "\xC3\x80", "\xC1" => "\xC3\x81", "\xC2" => "\xC3\x82", "\xC3" => "\xC3\x83", "\xC4" => "\xC3\x84", "\xC5" => "\xC3\x85", "\xC6" => "\xC3\x86", "\xC7" => "\xC3\x87", "\xC8" => "\xC3\x88", "\xC9" => "\xC3\x89", "\xCA" => "\xC3\x8A", "\xCB" => "\xC3\x8B", "\xCC" => "\xC3\x8C", "\xCD" => "\xC3\x8D", "\xCE" => "\xC3\x8E", "\xCF" => "\xC3\x8F", "\xD0" => "\xC3\x90", "\xD1" => "\xC3\x91", "\xD2" => "\xC3\x92", "\xD3" => "\xC3\x93", "\xD4" => "\xC3\x94", "\xD5" => "\xC3\x95", "\xD6" => "\xC3\x96", "\xD7" => "\xC3\x97", "\xD8" => "\xC3\x98", "\xD9" => "\xC3\x99", "\xDA" => "\xC3\x9A", "\xDB" => "\xC3\x9B", "\xDC" => "\xC3\x9C", "\xDD" => "\xC3\x9D", "\xDE" => "\xC3\x9E", "\xDF" => "\xC3\x9F", "\xE0" => "\xC3\xA0", "\xE1" => "\xC3\xA1", "\xE2" => "\xC3\xA2", "\xE3" => "\xC3\xA3", "\xE4" => "\xC3\xA4", "\xE5" => "\xC3\xA5", "\xE6" => "\xC3\xA6", "\xE7" => "\xC3\xA7", "\xE8" => "\xC3\xA8", "\xE9" => "\xC3\xA9", "\xEA" => "\xC3\xAA", "\xEB" => "\xC3\xAB", "\xEC" => "\xC3\xAC", "\xED" => "\xC3\xAD", "\xEE" => "\xC3\xAE", "\xEF" => "\xC3\xAF", "\xF0" => "\xC3\xB0", "\xF1" => "\xC3\xB1", "\xF2" => "\xC3\xB2", "\xF3" => "\xC3\xB3", "\xF4" => "\xC3\xB4", "\xF5" => "\xC3\xB5", "\xF6" => "\xC3\xB6", "\xF7" => "\xC3\xB7", "\xF8" => "\xC3\xB8", "\xF9" => "\xC3\xB9", "\xFA" => "\xC3\xBA", "\xFB" => "\xC3\xBB", "\xFC" => "\xC3\xBC", "\xFD" => "\xC3\xBD", "\xFE" => "\xC3\xBE", "\xFF" => "\xC3\xBF"]; return strtr($string, $convert_table); } /** * Change a string from one encoding to another * * @param string $data Raw data in $input encoding * @param string $input Encoding of $data * @param string $output Encoding you want * @return string|false False if we can't convert it */ public static function change_encoding(string $data, string $input, string $output) { $input = Misc::encoding($input); $output = Misc::encoding($output); // We fail to fail on non US-ASCII bytes if ($input === 'US-ASCII') { static $non_ascii_octets = ''; if (!$non_ascii_octets) { for ($i = 0x80; $i <= 0xFF; $i++) { $non_ascii_octets .= chr($i); } } $data = substr($data, 0, strcspn($data, $non_ascii_octets)); } // This is first, as behaviour of this is completely predictable if ($input === 'windows-1252' && $output === 'UTF-8') { return Misc::windows_1252_to_utf8($data); } // This is second, as behaviour of this varies only with PHP version (the middle part of this expression checks the encoding is supported). elseif (function_exists('mb_convert_encoding') && ($return = Misc::change_encoding_mbstring($data, $input, $output))) { return $return; } // This is third, as behaviour of this varies with OS userland and PHP version elseif (function_exists('iconv') && ($return = Misc::change_encoding_iconv($data, $input, $output))) { return $return; } // This is last, as behaviour of this varies with OS userland and PHP version elseif (class_exists('\UConverter') && ($return = Misc::change_encoding_uconverter($data, $input, $output))) { return $return; } // If we can't do anything, just fail return false; } /** * @return string|false */ protected static function change_encoding_mbstring(string $data, string $input, string $output) { if ($input === 'windows-949') { $input = 'EUC-KR'; } if ($output === 'windows-949') { $output = 'EUC-KR'; } if ($input === 'Windows-31J') { $input = 'SJIS'; } if ($output === 'Windows-31J') { $output = 'SJIS'; } // Check that the encoding is supported if (!in_array($input, mb_list_encodings())) { return false; } if (@mb_convert_encoding("\x80", 'UTF-16BE', $input) === "\x00\x80") { return false; } // Let's do some conversion if ($return = @mb_convert_encoding($data, $output, $input)) { return $return; } return false; } /** * @return string|false */ protected static function change_encoding_iconv(string $data, string $input, string $output) { return @iconv($input, $output, $data); } /** * @return string|false */ protected static function change_encoding_uconverter(string $data, string $input, string $output) { return @\UConverter::transcode($data, $output, $input); } /** * Normalize an encoding name * * This is automatically generated by create.php * * To generate it, run `php create.php` on the command line, and copy the * output to replace this function. * * @param string $charset Character set to standardise * @return string Standardised name */ public static function encoding(string $charset) { // Normalization from UTS #22 // Cast for PHPStan, the regex should not fail. switch (strtolower((string) preg_replace('/(?:[^a-zA-Z0-9]+|([^0-9])0+)/', '\1', $charset))) { case 'adobestandardencoding': case 'csadobestandardencoding': return 'Adobe-Standard-Encoding'; case 'adobesymbolencoding': case 'cshppsmath': return 'Adobe-Symbol-Encoding'; case 'ami1251': case 'amiga1251': return 'Amiga-1251'; case 'ansix31101983': case 'csat5001983': case 'csiso99naplps': case 'isoir99': case 'naplps': return 'ANSI_X3.110-1983'; case 'arabic7': case 'asmo449': case 'csiso89asmo449': case 'iso9036': case 'isoir89': return 'ASMO_449'; case 'big5': case 'csbig5': return 'Big5'; case 'big5hkscs': return 'Big5-HKSCS'; case 'bocu1': case 'csbocu1': return 'BOCU-1'; case 'brf': case 'csbrf': return 'BRF'; case 'bs4730': case 'csiso4unitedkingdom': case 'gb': case 'iso646gb': case 'isoir4': case 'uk': return 'BS_4730'; case 'bsviewdata': case 'csiso47bsviewdata': case 'isoir47': return 'BS_viewdata'; case 'cesu8': case 'cscesu8': return 'CESU-8'; case 'ca': case 'csa71': case 'csaz243419851': case 'csiso121canadian1': case 'iso646ca': case 'isoir121': return 'CSA_Z243.4-1985-1'; case 'csa72': case 'csaz243419852': case 'csiso122canadian2': case 'iso646ca2': case 'isoir122': return 'CSA_Z243.4-1985-2'; case 'csaz24341985gr': case 'csiso123csaz24341985gr': case 'isoir123': return 'CSA_Z243.4-1985-gr'; case 'csiso139csn369103': case 'csn369103': case 'isoir139': return 'CSN_369103'; case 'csdecmcs': case 'dec': case 'decmcs': return 'DEC-MCS'; case 'csiso21german': case 'de': case 'din66003': case 'iso646de': case 'isoir21': return 'DIN_66003'; case 'csdkus': case 'dkus': return 'dk-us'; case 'csiso646danish': case 'dk': case 'ds2089': case 'iso646dk': return 'DS_2089'; case 'csibmebcdicatde': case 'ebcdicatde': return 'EBCDIC-AT-DE'; case 'csebcdicatdea': case 'ebcdicatdea': return 'EBCDIC-AT-DE-A'; case 'csebcdiccafr': case 'ebcdiccafr': return 'EBCDIC-CA-FR'; case 'csebcdicdkno': case 'ebcdicdkno': return 'EBCDIC-DK-NO'; case 'csebcdicdknoa': case 'ebcdicdknoa': return 'EBCDIC-DK-NO-A'; case 'csebcdices': case 'ebcdices': return 'EBCDIC-ES'; case 'csebcdicesa': case 'ebcdicesa': return 'EBCDIC-ES-A'; case 'csebcdicess': case 'ebcdicess': return 'EBCDIC-ES-S'; case 'csebcdicfise': case 'ebcdicfise': return 'EBCDIC-FI-SE'; case 'csebcdicfisea': case 'ebcdicfisea': return 'EBCDIC-FI-SE-A'; case 'csebcdicfr': case 'ebcdicfr': return 'EBCDIC-FR'; case 'csebcdicit': case 'ebcdicit': return 'EBCDIC-IT'; case 'csebcdicpt': case 'ebcdicpt': return 'EBCDIC-PT'; case 'csebcdicuk': case 'ebcdicuk': return 'EBCDIC-UK'; case 'csebcdicus': case 'ebcdicus': return 'EBCDIC-US'; case 'csiso111ecmacyrillic': case 'ecmacyrillic': case 'isoir111': case 'koi8e': return 'ECMA-cyrillic'; case 'csiso17spanish': case 'es': case 'iso646es': case 'isoir17': return 'ES'; case 'csiso85spanish2': case 'es2': case 'iso646es2': case 'isoir85': return 'ES2'; case 'cseucpkdfmtjapanese': case 'eucjp': case 'extendedunixcodepackedformatforjapanese': return 'EUC-JP'; case 'cseucfixwidjapanese': case 'extendedunixcodefixedwidthforjapanese': return 'Extended_UNIX_Code_Fixed_Width_for_Japanese'; case 'gb18030': return 'GB18030'; case 'chinese': case 'cp936': case 'csgb2312': case 'csiso58gb231280': case 'gb2312': case 'gb231280': case 'gbk': case 'isoir58': case 'ms936': case 'windows936': return 'GBK'; case 'cn': case 'csiso57gb1988': case 'gb198880': case 'iso646cn': case 'isoir57': return 'GB_1988-80'; case 'csiso153gost1976874': case 'gost1976874': case 'isoir153': case 'stsev35888': return 'GOST_19768-74'; case 'csiso150': case 'csiso150greekccitt': case 'greekccitt': case 'isoir150': return 'greek-ccitt'; case 'csiso88greek7': case 'greek7': case 'isoir88': return 'greek7'; case 'csiso18greek7old': case 'greek7old': case 'isoir18': return 'greek7-old'; case 'cshpdesktop': case 'hpdesktop': return 'HP-DeskTop'; case 'cshplegal': case 'hplegal': return 'HP-Legal'; case 'cshpmath8': case 'hpmath8': return 'HP-Math8'; case 'cshppifont': case 'hppifont': return 'HP-Pi-font'; case 'cshproman8': case 'hproman8': case 'r8': case 'roman8': return 'hp-roman8'; case 'hzgb2312': return 'HZ-GB-2312'; case 'csibmsymbols': case 'ibmsymbols': return 'IBM-Symbols'; case 'csibmthai': case 'ibmthai': return 'IBM-Thai'; case 'cp37': case 'csibm37': case 'ebcdiccpca': case 'ebcdiccpnl': case 'ebcdiccpus': case 'ebcdiccpwt': case 'ibm37': return 'IBM037'; case 'cp38': case 'csibm38': case 'ebcdicint': case 'ibm38': return 'IBM038'; case 'cp273': case 'csibm273': case 'ibm273': return 'IBM273'; case 'cp274': case 'csibm274': case 'ebcdicbe': case 'ibm274': return 'IBM274'; case 'cp275': case 'csibm275': case 'ebcdicbr': case 'ibm275': return 'IBM275'; case 'csibm277': case 'ebcdiccpdk': case 'ebcdiccpno': case 'ibm277': return 'IBM277'; case 'cp278': case 'csibm278': case 'ebcdiccpfi': case 'ebcdiccpse': case 'ibm278': return 'IBM278'; case 'cp280': case 'csibm280': case 'ebcdiccpit': case 'ibm280': return 'IBM280'; case 'cp281': case 'csibm281': case 'ebcdicjpe': case 'ibm281': return 'IBM281'; case 'cp284': case 'csibm284': case 'ebcdiccpes': case 'ibm284': return 'IBM284'; case 'cp285': case 'csibm285': case 'ebcdiccpgb': case 'ibm285': return 'IBM285'; case 'cp290': case 'csibm290': case 'ebcdicjpkana': case 'ibm290': return 'IBM290'; case 'cp297': case 'csibm297': case 'ebcdiccpfr': case 'ibm297': return 'IBM297'; case 'cp420': case 'csibm420': case 'ebcdiccpar1': case 'ibm420': return 'IBM420'; case 'cp423': case 'csibm423': case 'ebcdiccpgr': case 'ibm423': return 'IBM423'; case 'cp424': case 'csibm424': case 'ebcdiccphe': case 'ibm424': return 'IBM424'; case '437': case 'cp437': case 'cspc8codepage437': case 'ibm437': return 'IBM437'; case 'cp500': case 'csibm500': case 'ebcdiccpbe': case 'ebcdiccpch': case 'ibm500': return 'IBM500'; case 'cp775': case 'cspc775baltic': case 'ibm775': return 'IBM775'; case '850': case 'cp850': case 'cspc850multilingual': case 'ibm850': return 'IBM850'; case '851': case 'cp851': case 'csibm851': case 'ibm851': return 'IBM851'; case '852': case 'cp852': case 'cspcp852': case 'ibm852': return 'IBM852'; case '855': case 'cp855': case 'csibm855': case 'ibm855': return 'IBM855'; case '857': case 'cp857': case 'csibm857': case 'ibm857': return 'IBM857'; case 'ccsid858': case 'cp858': case 'ibm858': case 'pcmultilingual850euro': return 'IBM00858'; case '860': case 'cp860': case 'csibm860': case 'ibm860': return 'IBM860'; case '861': case 'cp861': case 'cpis': case 'csibm861': case 'ibm861': return 'IBM861'; case '862': case 'cp862': case 'cspc862latinhebrew': case 'ibm862': return 'IBM862'; case '863': case 'cp863': case 'csibm863': case 'ibm863': return 'IBM863'; case 'cp864': case 'csibm864': case 'ibm864': return 'IBM864'; case '865': case 'cp865': case 'csibm865': case 'ibm865': return 'IBM865'; case '866': case 'cp866': case 'csibm866': case 'ibm866': return 'IBM866'; case 'cp868': case 'cpar': case 'csibm868': case 'ibm868': return 'IBM868'; case '869': case 'cp869': case 'cpgr': case 'csibm869': case 'ibm869': return 'IBM869'; case 'cp870': case 'csibm870': case 'ebcdiccproece': case 'ebcdiccpyu': case 'ibm870': return 'IBM870'; case 'cp871': case 'csibm871': case 'ebcdiccpis': case 'ibm871': return 'IBM871'; case 'cp880': case 'csibm880': case 'ebcdiccyrillic': case 'ibm880': return 'IBM880'; case 'cp891': case 'csibm891': case 'ibm891': return 'IBM891'; case 'cp903': case 'csibm903': case 'ibm903': return 'IBM903'; case '904': case 'cp904': case 'csibbm904': case 'ibm904': return 'IBM904'; case 'cp905': case 'csibm905': case 'ebcdiccptr': case 'ibm905': return 'IBM905'; case 'cp918': case 'csibm918': case 'ebcdiccpar2': case 'ibm918': return 'IBM918'; case 'ccsid924': case 'cp924': case 'ebcdiclatin9euro': case 'ibm924': return 'IBM00924'; case 'cp1026': case 'csibm1026': case 'ibm1026': return 'IBM1026'; case 'ibm1047': return 'IBM1047'; case 'ccsid1140': case 'cp1140': case 'ebcdicus37euro': case 'ibm1140': return 'IBM01140'; case 'ccsid1141': case 'cp1141': case 'ebcdicde273euro': case 'ibm1141': return 'IBM01141'; case 'ccsid1142': case 'cp1142': case 'ebcdicdk277euro': case 'ebcdicno277euro': case 'ibm1142': return 'IBM01142'; case 'ccsid1143': case 'cp1143': case 'ebcdicfi278euro': case 'ebcdicse278euro': case 'ibm1143': return 'IBM01143'; case 'ccsid1144': case 'cp1144': case 'ebcdicit280euro': case 'ibm1144': return 'IBM01144'; case 'ccsid1145': case 'cp1145': case 'ebcdices284euro': case 'ibm1145': return 'IBM01145'; case 'ccsid1146': case 'cp1146': case 'ebcdicgb285euro': case 'ibm1146': return 'IBM01146'; case 'ccsid1147': case 'cp1147': case 'ebcdicfr297euro': case 'ibm1147': return 'IBM01147'; case 'ccsid1148': case 'cp1148': case 'ebcdicinternational500euro': case 'ibm1148': return 'IBM01148'; case 'ccsid1149': case 'cp1149': case 'ebcdicis871euro': case 'ibm1149': return 'IBM01149'; case 'csiso143iecp271': case 'iecp271': case 'isoir143': return 'IEC_P27-1'; case 'csiso49inis': case 'inis': case 'isoir49': return 'INIS'; case 'csiso50inis8': case 'inis8': case 'isoir50': return 'INIS-8'; case 'csiso51iniscyrillic': case 'iniscyrillic': case 'isoir51': return 'INIS-cyrillic'; case 'csinvariant': case 'invariant': return 'INVARIANT'; case 'iso2022cn': return 'ISO-2022-CN'; case 'iso2022cnext': return 'ISO-2022-CN-EXT'; case 'csiso2022jp': case 'iso2022jp': return 'ISO-2022-JP'; case 'csiso2022jp2': case 'iso2022jp2': return 'ISO-2022-JP-2'; case 'csiso2022kr': case 'iso2022kr': return 'ISO-2022-KR'; case 'cswindows30latin1': case 'iso88591windows30latin1': return 'ISO-8859-1-Windows-3.0-Latin-1'; case 'cswindows31latin1': case 'iso88591windows31latin1': return 'ISO-8859-1-Windows-3.1-Latin-1'; case 'csisolatin2': case 'iso88592': case 'iso885921987': case 'isoir101': case 'l2': case 'latin2': return 'ISO-8859-2'; case 'cswindows31latin2': case 'iso88592windowslatin2': return 'ISO-8859-2-Windows-Latin-2'; case 'csisolatin3': case 'iso88593': case 'iso885931988': case 'isoir109': case 'l3': case 'latin3': return 'ISO-8859-3'; case 'csisolatin4': case 'iso88594': case 'iso885941988': case 'isoir110': case 'l4': case 'latin4': return 'ISO-8859-4'; case 'csisolatincyrillic': case 'cyrillic': case 'iso88595': case 'iso885951988': case 'isoir144': return 'ISO-8859-5'; case 'arabic': case 'asmo708': case 'csisolatinarabic': case 'ecma114': case 'iso88596': case 'iso885961987': case 'isoir127': return 'ISO-8859-6'; case 'csiso88596e': case 'iso88596e': return 'ISO-8859-6-E'; case 'csiso88596i': case 'iso88596i': return 'ISO-8859-6-I'; case 'csisolatingreek': case 'ecma118': case 'elot928': case 'greek': case 'greek8': case 'iso88597': case 'iso885971987': case 'isoir126': return 'ISO-8859-7'; case 'csisolatinhebrew': case 'hebrew': case 'iso88598': case 'iso885981988': case 'isoir138': return 'ISO-8859-8'; case 'csiso88598e': case 'iso88598e': return 'ISO-8859-8-E'; case 'csiso88598i': case 'iso88598i': return 'ISO-8859-8-I'; case 'cswindows31latin5': case 'iso88599windowslatin5': return 'ISO-8859-9-Windows-Latin-5'; case 'csisolatin6': case 'iso885910': case 'iso8859101992': case 'isoir157': case 'l6': case 'latin6': return 'ISO-8859-10'; case 'iso885913': return 'ISO-8859-13'; case 'iso885914': case 'iso8859141998': case 'isoceltic': case 'isoir199': case 'l8': case 'latin8': return 'ISO-8859-14'; case 'iso885915': case 'latin9': return 'ISO-8859-15'; case 'iso885916': case 'iso8859162001': case 'isoir226': case 'l10': case 'latin10': return 'ISO-8859-16'; case 'iso10646j1': return 'ISO-10646-J-1'; case 'csunicode': case 'iso10646ucs2': return 'ISO-10646-UCS-2'; case 'csucs4': case 'iso10646ucs4': return 'ISO-10646-UCS-4'; case 'csunicodeascii': case 'iso10646ucsbasic': return 'ISO-10646-UCS-Basic'; case 'csunicodelatin1': case 'iso10646': case 'iso10646unicodelatin1': return 'ISO-10646-Unicode-Latin1'; case 'csiso10646utf1': case 'iso10646utf1': return 'ISO-10646-UTF-1'; case 'csiso115481': case 'iso115481': case 'isotr115481': return 'ISO-11548-1'; case 'csiso90': case 'isoir90': return 'iso-ir-90'; case 'csunicodeibm1261': case 'isounicodeibm1261': return 'ISO-Unicode-IBM-1261'; case 'csunicodeibm1264': case 'isounicodeibm1264': return 'ISO-Unicode-IBM-1264'; case 'csunicodeibm1265': case 'isounicodeibm1265': return 'ISO-Unicode-IBM-1265'; case 'csunicodeibm1268': case 'isounicodeibm1268': return 'ISO-Unicode-IBM-1268'; case 'csunicodeibm1276': case 'isounicodeibm1276': return 'ISO-Unicode-IBM-1276'; case 'csiso646basic1983': case 'iso646basic1983': case 'ref': return 'ISO_646.basic:1983'; case 'csiso2intlrefversion': case 'irv': case 'iso646irv1983': case 'isoir2': return 'ISO_646.irv:1983'; case 'csiso2033': case 'e13b': case 'iso20331983': case 'isoir98': return 'ISO_2033-1983'; case 'csiso5427cyrillic': case 'iso5427': case 'isoir37': return 'ISO_5427'; case 'iso5427cyrillic1981': case 'iso54271981': case 'isoir54': return 'ISO_5427:1981'; case 'csiso5428greek': case 'iso54281980': case 'isoir55': return 'ISO_5428:1980'; case 'csiso6937add': case 'iso6937225': case 'isoir152': return 'ISO_6937-2-25'; case 'csisotextcomm': case 'iso69372add': case 'isoir142': return 'ISO_6937-2-add'; case 'csiso8859supp': case 'iso8859supp': case 'isoir154': case 'latin125': return 'ISO_8859-supp'; case 'csiso10367box': case 'iso10367box': case 'isoir155': return 'ISO_10367-box'; case 'csiso15italian': case 'iso646it': case 'isoir15': case 'it': return 'IT'; case 'csiso13jisc6220jp': case 'isoir13': case 'jisc62201969': case 'jisc62201969jp': case 'katakana': case 'x2017': return 'JIS_C6220-1969-jp'; case 'csiso14jisc6220ro': case 'iso646jp': case 'isoir14': case 'jisc62201969ro': case 'jp': return 'JIS_C6220-1969-ro'; case 'csiso42jisc62261978': case 'isoir42': case 'jisc62261978': return 'JIS_C6226-1978'; case 'csiso87jisx208': case 'isoir87': case 'jisc62261983': case 'jisx2081983': case 'x208': return 'JIS_C6226-1983'; case 'csiso91jisc62291984a': case 'isoir91': case 'jisc62291984a': case 'jpocra': return 'JIS_C6229-1984-a'; case 'csiso92jisc62991984b': case 'iso646jpocrb': case 'isoir92': case 'jisc62291984b': case 'jpocrb': return 'JIS_C6229-1984-b'; case 'csiso93jis62291984badd': case 'isoir93': case 'jisc62291984badd': case 'jpocrbadd': return 'JIS_C6229-1984-b-add'; case 'csiso94jis62291984hand': case 'isoir94': case 'jisc62291984hand': case 'jpocrhand': return 'JIS_C6229-1984-hand'; case 'csiso95jis62291984handadd': case 'isoir95': case 'jisc62291984handadd': case 'jpocrhandadd': return 'JIS_C6229-1984-hand-add'; case 'csiso96jisc62291984kana': case 'isoir96': case 'jisc62291984kana': return 'JIS_C6229-1984-kana'; case 'csjisencoding': case 'jisencoding': return 'JIS_Encoding'; case 'cshalfwidthkatakana': case 'jisx201': case 'x201': return 'JIS_X0201'; case 'csiso159jisx2121990': case 'isoir159': case 'jisx2121990': case 'x212': return 'JIS_X0212-1990'; case 'csiso141jusib1002': case 'iso646yu': case 'isoir141': case 'js': case 'jusib1002': case 'yu': return 'JUS_I.B1.002'; case 'csiso147macedonian': case 'isoir147': case 'jusib1003mac': case 'macedonian': return 'JUS_I.B1.003-mac'; case 'csiso146serbian': case 'isoir146': case 'jusib1003serb': case 'serbian': return 'JUS_I.B1.003-serb'; case 'koi7switched': return 'KOI7-switched'; case 'cskoi8r': case 'koi8r': return 'KOI8-R'; case 'koi8u': return 'KOI8-U'; case 'csksc5636': case 'iso646kr': case 'ksc5636': return 'KSC5636'; case 'cskz1048': case 'kz1048': case 'rk1048': case 'strk10482002': return 'KZ-1048'; case 'csiso19latingreek': case 'isoir19': case 'latingreek': return 'latin-greek'; case 'csiso27latingreek1': case 'isoir27': case 'latingreek1': return 'Latin-greek-1'; case 'csiso158lap': case 'isoir158': case 'lap': case 'latinlap': return 'latin-lap'; case 'csmacintosh': case 'mac': case 'macintosh': return 'macintosh'; case 'csmicrosoftpublishing': case 'microsoftpublishing': return 'Microsoft-Publishing'; case 'csmnem': case 'mnem': return 'MNEM'; case 'csmnemonic': case 'mnemonic': return 'MNEMONIC'; case 'csiso86hungarian': case 'hu': case 'iso646hu': case 'isoir86': case 'msz77953': return 'MSZ_7795.3'; case 'csnatsdano': case 'isoir91': case 'natsdano': return 'NATS-DANO'; case 'csnatsdanoadd': case 'isoir92': case 'natsdanoadd': return 'NATS-DANO-ADD'; case 'csnatssefi': case 'isoir81': case 'natssefi': return 'NATS-SEFI'; case 'csnatssefiadd': case 'isoir82': case 'natssefiadd': return 'NATS-SEFI-ADD'; case 'csiso151cuba': case 'cuba': case 'iso646cu': case 'isoir151': case 'ncnc1081': return 'NC_NC00-10:81'; case 'csiso69french': case 'fr': case 'iso646fr': case 'isoir69': case 'nfz62010': return 'NF_Z_62-010'; case 'csiso25french': case 'iso646fr1': case 'isoir25': case 'nfz620101973': return 'NF_Z_62-010_(1973)'; case 'csiso60danishnorwegian': case 'csiso60norwegian1': case 'iso646no': case 'isoir60': case 'no': case 'ns45511': return 'NS_4551-1'; case 'csiso61norwegian2': case 'iso646no2': case 'isoir61': case 'no2': case 'ns45512': return 'NS_4551-2'; case 'osdebcdicdf3irv': return 'OSD_EBCDIC_DF03_IRV'; case 'osdebcdicdf41': return 'OSD_EBCDIC_DF04_1'; case 'osdebcdicdf415': return 'OSD_EBCDIC_DF04_15'; case 'cspc8danishnorwegian': case 'pc8danishnorwegian': return 'PC8-Danish-Norwegian'; case 'cspc8turkish': case 'pc8turkish': return 'PC8-Turkish'; case 'csiso16portuguese': case 'iso646pt': case 'isoir16': case 'pt': return 'PT'; case 'csiso84portuguese2': case 'iso646pt2': case 'isoir84': case 'pt2': return 'PT2'; case 'cp154': case 'csptcp154': case 'cyrillicasian': case 'pt154': case 'ptcp154': return 'PTCP154'; case 'scsu': return 'SCSU'; case 'csiso10swedish': case 'fi': case 'iso646fi': case 'iso646se': case 'isoir10': case 'se': case 'sen850200b': return 'SEN_850200_B'; case 'csiso11swedishfornames': case 'iso646se2': case 'isoir11': case 'se2': case 'sen850200c': return 'SEN_850200_C'; case 'csiso102t617bit': case 'isoir102': case 't617bit': return 'T.61-7bit'; case 'csiso103t618bit': case 'isoir103': case 't61': case 't618bit': return 'T.61-8bit'; case 'csiso128t101g2': case 'isoir128': case 't101g2': return 'T.101-G2'; case 'cstscii': case 'tscii': return 'TSCII'; case 'csunicode11': case 'unicode11': return 'UNICODE-1-1'; case 'csunicode11utf7': case 'unicode11utf7': return 'UNICODE-1-1-UTF-7'; case 'csunknown8bit': case 'unknown8bit': return 'UNKNOWN-8BIT'; case 'ansix341968': case 'ansix341986': case 'ascii': case 'cp367': case 'csascii': case 'ibm367': case 'iso646irv1991': case 'iso646us': case 'isoir6': case 'us': case 'usascii': return 'US-ASCII'; case 'csusdk': case 'usdk': return 'us-dk'; case 'utf7': return 'UTF-7'; case 'utf8': return 'UTF-8'; case 'utf16': return 'UTF-16'; case 'utf16be': return 'UTF-16BE'; case 'utf16le': return 'UTF-16LE'; case 'utf32': return 'UTF-32'; case 'utf32be': return 'UTF-32BE'; case 'utf32le': return 'UTF-32LE'; case 'csventurainternational': case 'venturainternational': return 'Ventura-International'; case 'csventuramath': case 'venturamath': return 'Ventura-Math'; case 'csventuraus': case 'venturaus': return 'Ventura-US'; case 'csiso70videotexsupp1': case 'isoir70': case 'videotexsuppl': return 'videotex-suppl'; case 'csviqr': case 'viqr': return 'VIQR'; case 'csviscii': case 'viscii': return 'VISCII'; case 'csshiftjis': case 'cswindows31j': case 'mskanji': case 'shiftjis': case 'windows31j': return 'Windows-31J'; case 'iso885911': case 'tis620': return 'windows-874'; case 'cseuckr': case 'csksc56011987': case 'euckr': case 'isoir149': case 'korean': case 'ksc5601': case 'ksc56011987': case 'ksc56011989': case 'windows949': return 'windows-949'; case 'windows1250': return 'windows-1250'; case 'windows1251': return 'windows-1251'; case 'cp819': case 'csisolatin1': case 'ibm819': case 'iso88591': case 'iso885911987': case 'isoir100': case 'l1': case 'latin1': case 'windows1252': return 'windows-1252'; case 'windows1253': return 'windows-1253'; case 'csisolatin5': case 'iso88599': case 'iso885991989': case 'isoir148': case 'l5': case 'latin5': case 'windows1254': return 'windows-1254'; case 'windows1255': return 'windows-1255'; case 'windows1256': return 'windows-1256'; case 'windows1257': return 'windows-1257'; case 'windows1258': return 'windows-1258'; default: return $charset; } } /** * @return string */ public static function get_curl_version() { if (is_array($curl = curl_version())) { $curl = $curl['version']; } else { $curl = '0'; } return $curl; } /** * Strip HTML comments * * @deprecated since SimplePie 1.9.0. If you need it, you can copy the function to your codebase. But you should consider using `DOMDocument` for any DOM wrangling. * @param string $data Data to strip comments from * @return string Comment stripped string */ public static function strip_comments(string $data) { // trigger_error(sprintf('Using method "' . __METHOD__ . '" is deprecated since SimplePie 1.9.'), \E_USER_DEPRECATED); $output = ''; while (($start = strpos($data, '<!--')) !== false) { $output .= substr($data, 0, $start); if (($end = strpos($data, '-->', $start)) !== false) { $data = substr_replace($data, '', 0, $end + 3); } else { $data = ''; } } return $output . $data; } /** * @return int|false */ public static function parse_date(string $dt) { $parser = \SimplePie\Parse\Date::get(); return $parser->parse($dt); } /** * Decode HTML entities * * @deprecated since SimplePie 1.3, use DOMDocument instead * @param string $data Input data * @return string Output data */ public static function entities_decode(string $data) { // trigger_error(sprintf('Using method "' . __METHOD__ . '" is deprecated since SimplePie 1.3, use "DOMDocument" instead.'), \E_USER_DEPRECATED); $decoder = new \SimplePie_Decode_HTML_Entities($data); return $decoder->parse(); } /** * Remove RFC822 comments * * @deprecated since SimplePie 1.9.0. If you need it, consider copying the function to your codebase. * @param string $string Data to strip comments from * @return string Comment stripped string */ public static function uncomment_rfc822(string $string) { // trigger_error(sprintf('Using method "' . __METHOD__ . '" is deprecated since SimplePie 1.9.'), \E_USER_DEPRECATED); $position = 0; $length = strlen($string); $depth = 0; $output = ''; while ($position < $length && ($pos = strpos($string, '(', $position)) !== false) { $output .= substr($string, $position, $pos - $position); $position = $pos + 1; if ($string[$pos - 1] !== '\\') { $depth++; while ($depth && $position < $length) { $position += strcspn($string, '()', $position); if ($string[$position - 1] === '\\') { $position++; continue; } elseif (isset($string[$position])) { switch ($string[$position]) { case '(': $depth++; break; case ')': $depth--; break; } $position++; } else { break; } } } else { $output .= '('; } } $output .= substr($string, $position); return $output; } /** * @return string */ public static function parse_mime(string $mime) { if (($pos = strpos($mime, ';')) === false) { return trim($mime); } return trim(substr($mime, 0, $pos)); } /** * @param array<string, array<string, string>> $attribs * @return int-mask-of<SimplePie::CONSTRUCT_*> */ public static function atom_03_construct_type(array $attribs) { if (isset($attribs['']['mode']) && strtolower(trim($attribs['']['mode'])) === 'base64') { $mode = \SimplePie\SimplePie::CONSTRUCT_BASE64; } else { $mode = \SimplePie\SimplePie::CONSTRUCT_NONE; } if (isset($attribs['']['type'])) { switch (strtolower(trim($attribs['']['type']))) { case 'text': case 'text/plain': return \SimplePie\SimplePie::CONSTRUCT_TEXT | $mode; case 'html': case 'text/html': return \SimplePie\SimplePie::CONSTRUCT_HTML | $mode; case 'xhtml': case 'application/xhtml+xml': return \SimplePie\SimplePie::CONSTRUCT_XHTML | $mode; default: return \SimplePie\SimplePie::CONSTRUCT_NONE | $mode; } } return \SimplePie\SimplePie::CONSTRUCT_TEXT | $mode; } /** * @param array<string, array<string, string>> $attribs * @return int-mask-of<SimplePie::CONSTRUCT_*> */ public static function atom_10_construct_type(array $attribs) { if (isset($attribs['']['type'])) { switch (strtolower(trim($attribs['']['type']))) { case 'text': return \SimplePie\SimplePie::CONSTRUCT_TEXT; case 'html': return \SimplePie\SimplePie::CONSTRUCT_HTML; case 'xhtml': return \SimplePie\SimplePie::CONSTRUCT_XHTML; default: return \SimplePie\SimplePie::CONSTRUCT_NONE; } } return \SimplePie\SimplePie::CONSTRUCT_TEXT; } /** * @param array<string, array<string, string>> $attribs * @return int-mask-of<SimplePie::CONSTRUCT_*> */ public static function atom_10_content_construct_type(array $attribs) { if (isset($attribs['']['type'])) { $type = strtolower(trim($attribs['']['type'])); switch ($type) { case 'text': return \SimplePie\SimplePie::CONSTRUCT_TEXT; case 'html': return \SimplePie\SimplePie::CONSTRUCT_HTML; case 'xhtml': return \SimplePie\SimplePie::CONSTRUCT_XHTML; } if (in_array(substr($type, -4), ['+xml', '/xml']) || substr($type, 0, 5) === 'text/') { return \SimplePie\SimplePie::CONSTRUCT_NONE; } else { return \SimplePie\SimplePie::CONSTRUCT_BASE64; } } return \SimplePie\SimplePie::CONSTRUCT_TEXT; } /** * @return bool */ public static function is_isegment_nz_nc(string $string) { return (bool) preg_match('/^([A-Za-z0-9\-._~\x{A0}-\x{D7FF}\x{F900}-\x{FDCF}\x{FDF0}-\x{FFEF}\x{10000}-\x{1FFFD}\x{20000}-\x{2FFFD}\x{30000}-\x{3FFFD}\x{40000}-\x{4FFFD}\x{50000}-\x{5FFFD}\x{60000}-\x{6FFFD}\x{70000}-\x{7FFFD}\x{80000}-\x{8FFFD}\x{90000}-\x{9FFFD}\x{A0000}-\x{AFFFD}\x{B0000}-\x{BFFFD}\x{C0000}-\x{CFFFD}\x{D0000}-\x{DFFFD}\x{E1000}-\x{EFFFD}!$&\'()*+,;=@]|(%[0-9ABCDEF]{2}))+$/u', $string); } /** * @return string[] */ public static function space_separated_tokens(string $string) { $space_characters = "\x20\x09\x0A\x0B\x0C\x0D"; $string_length = strlen($string); $position = strspn($string, $space_characters); $tokens = []; while ($position < $string_length) { $len = strcspn($string, $space_characters, $position); $tokens[] = substr($string, $position, $len); $position += $len; $position += strspn($string, $space_characters, $position); } return $tokens; } /** * Converts a unicode codepoint to a UTF-8 character * * @static * @param int $codepoint Unicode codepoint * @return string|false UTF-8 character */ public static function codepoint_to_utf8(int $codepoint) { if ($codepoint < 0) { return false; } elseif ($codepoint <= 0x7f) { return chr($codepoint); } elseif ($codepoint <= 0x7ff) { return chr(0xc0 | ($codepoint >> 6)) . chr(0x80 | ($codepoint & 0x3f)); } elseif ($codepoint <= 0xffff) { return chr(0xe0 | ($codepoint >> 12)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f)); } elseif ($codepoint <= 0x10ffff) { return chr(0xf0 | ($codepoint >> 18)) . chr(0x80 | (($codepoint >> 12) & 0x3f)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f)); } // U+FFFD REPLACEMENT CHARACTER return "\xEF\xBF\xBD"; } /** * Similar to parse_str() * * Returns an associative array of name/value pairs, where the value is an * array of values that have used the same name * * @deprecated since SimplePie 1.9.0. If you need it, consider copying the function to your codebase. * @static * @param string $str The input string. * @return array<string, array<string|null>> */ public static function parse_str(string $str) { // trigger_error(sprintf('Using method "' . __METHOD__ . '" is deprecated since SimplePie 1.9.'), \E_USER_DEPRECATED); $return = []; $str = explode('&', $str); foreach ($str as $section) { if (strpos($section, '=') !== false) { [$name, $value] = explode('=', $section, 2); $return[urldecode($name)][] = urldecode($value); } else { $return[urldecode($section)][] = null; } } return $return; } /** * Detect XML encoding, as per XML 1.0 Appendix F.1 * * @todo Add support for EBCDIC * @param string $data XML data * @param \SimplePie\Registry $registry Class registry * @return array<string> Possible encodings */ public static function xml_encoding(string $data, \SimplePie\Registry $registry) { // UTF-32 Big Endian BOM if (substr($data, 0, 4) === "\x00\x00\xFE\xFF") { $encoding[] = 'UTF-32BE'; } // UTF-32 Little Endian BOM elseif (substr($data, 0, 4) === "\xFF\xFE\x00\x00") { $encoding[] = 'UTF-32LE'; } // UTF-16 Big Endian BOM elseif (substr($data, 0, 2) === "\xFE\xFF") { $encoding[] = 'UTF-16BE'; } // UTF-16 Little Endian BOM elseif (substr($data, 0, 2) === "\xFF\xFE") { $encoding[] = 'UTF-16LE'; } // UTF-8 BOM elseif (substr($data, 0, 3) === "\xEF\xBB\xBF") { $encoding[] = 'UTF-8'; } // UTF-32 Big Endian Without BOM elseif (substr($data, 0, 20) === "\x00\x00\x00\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C") { if ($pos = strpos($data, "\x00\x00\x00\x3F\x00\x00\x00\x3E")) { $parser = $registry->create(Parser::class, [Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32BE', 'UTF-8')]); if ($parser->parse()) { $encoding[] = $parser->encoding; } } $encoding[] = 'UTF-32BE'; } // UTF-32 Little Endian Without BOM elseif (substr($data, 0, 20) === "\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C\x00\x00\x00") { if ($pos = strpos($data, "\x3F\x00\x00\x00\x3E\x00\x00\x00")) { $parser = $registry->create(Parser::class, [Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32LE', 'UTF-8')]); if ($parser->parse()) { $encoding[] = $parser->encoding; } } $encoding[] = 'UTF-32LE'; } // UTF-16 Big Endian Without BOM elseif (substr($data, 0, 10) === "\x00\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C") { if ($pos = strpos($data, "\x00\x3F\x00\x3E")) { $parser = $registry->create(Parser::class, [Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16BE', 'UTF-8')]); if ($parser->parse()) { $encoding[] = $parser->encoding; } } $encoding[] = 'UTF-16BE'; } // UTF-16 Little Endian Without BOM elseif (substr($data, 0, 10) === "\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C\x00") { if ($pos = strpos($data, "\x3F\x00\x3E\x00")) { $parser = $registry->create(Parser::class, [Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16LE', 'UTF-8')]); if ($parser->parse()) { $encoding[] = $parser->encoding; } } $encoding[] = 'UTF-16LE'; } // US-ASCII (or superset) elseif (substr($data, 0, 5) === "\x3C\x3F\x78\x6D\x6C") { if ($pos = strpos($data, "\x3F\x3E")) { $parser = $registry->create(Parser::class, [substr($data, 5, $pos - 5)]); if ($parser->parse()) { $encoding[] = $parser->encoding; } } $encoding[] = 'UTF-8'; } // Fallback to UTF-8 else { $encoding[] = 'UTF-8'; } return $encoding; } /** * @return void */ public static function output_javascript() { if (function_exists('ob_gzhandler')) { ob_start('ob_gzhandler'); } header('Content-type: text/javascript; charset: UTF-8'); header('Cache-Control: must-revalidate'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 604800) . ' GMT'); // 7 days $body = <<<JS function embed_quicktime(type, bgcolor, width, height, link, placeholder, loop) { if (placeholder != '') { document.writeln('<embed type="'+type+'" style="cursor:hand; cursor:pointer;" href="'+link+'" src="'+placeholder+'" width="'+width+'" height="'+height+'" autoplay="false" target="myself" controller="false" loop="'+loop+'" scale="aspect" bgcolor="'+bgcolor+'" pluginspage="http://www.apple.com/quicktime/download/"></embed>'); } else { document.writeln('<embed type="'+type+'" style="cursor:hand; cursor:pointer;" src="'+link+'" width="'+width+'" height="'+height+'" autoplay="false" target="myself" controller="true" loop="'+loop+'" scale="aspect" bgcolor="'+bgcolor+'" pluginspage="http://www.apple.com/quicktime/download/"></embed>'); } } function embed_flash(bgcolor, width, height, link, loop, type) { document.writeln('<embed src="'+link+'" pluginspage="http://www.macromedia.com/go/getflashplayer" type="'+type+'" quality="high" width="'+width+'" height="'+height+'" bgcolor="'+bgcolor+'" loop="'+loop+'"></embed>'); } function embed_flv(width, height, link, placeholder, loop, player) { document.writeln('<embed src="'+player+'" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" quality="high" width="'+width+'" height="'+height+'" wmode="transparent" flashvars="file='+link+'&autostart=false&repeat='+loop+'&showdigits=true&showfsbutton=false"></embed>'); } function embed_wmedia(width, height, link) { document.writeln('<embed type="application/x-mplayer2" src="'+link+'" autosize="1" width="'+width+'" height="'+height+'" showcontrols="1" showstatusbar="0" showdisplay="0" autostart="0"></embed>'); } JS; echo $body; } /** * Get the SimplePie build timestamp * * Uses the git index if it exists, otherwise uses the modification time * of the newest file. * * @return int */ public static function get_build() { if (self::$SIMPLEPIE_BUILD !== null) { return self::$SIMPLEPIE_BUILD; } $root = dirname(__FILE__, 2); if (file_exists($root . '/.git/index')) { self::$SIMPLEPIE_BUILD = (int) filemtime($root . '/.git/index'); return self::$SIMPLEPIE_BUILD; } elseif (file_exists($root . '/src')) { $time = 0; foreach (glob($root . '/src/*.php') ?: [] as $file) { if (($mtime = filemtime($file)) > $time) { $time = $mtime; } } self::$SIMPLEPIE_BUILD = $time; return self::$SIMPLEPIE_BUILD; } self::$SIMPLEPIE_BUILD = (int) filemtime(__FILE__); return self::$SIMPLEPIE_BUILD; } /** * Get the default user agent string * * @return string */ public static function get_default_useragent() { return \SimplePie\SimplePie::NAME . '/' . \SimplePie\SimplePie::VERSION . ' (Feed Parser; ' . \SimplePie\SimplePie::URL . '; Allow like Gecko) Build/' . static::get_build(); } /** * Format debugging information * * @return string */ public static function debug(SimplePie &$sp) { $info = 'SimplePie ' . \SimplePie\SimplePie::VERSION . ' Build ' . static::get_build() . "\n"; $info .= 'PHP ' . PHP_VERSION . "\n"; if ($sp->error() !== null) { // TODO: Remove cast with multifeeds. $info .= 'Error occurred: ' . implode(', ', (array) $sp->error()) . "\n"; } else { $info .= "No error found.\n"; } $info .= "Extensions:\n"; $extensions = ['pcre', 'curl', 'zlib', 'mbstring', 'iconv', 'xmlreader', 'xml']; foreach ($extensions as $ext) { if (extension_loaded($ext)) { $info .= " $ext loaded\n"; switch ($ext) { case 'pcre': $info .= ' Version ' . PCRE_VERSION . "\n"; break; case 'curl': $version = (array) curl_version(); $info .= ' Version ' . $version['version'] . "\n"; break; case 'iconv': $info .= ' Version ' . ICONV_VERSION . "\n"; break; case 'xml': $info .= ' Version ' . LIBXML_DOTTED_VERSION . "\n"; break; } } else { $info .= " $ext not loaded\n"; } } return $info; } /** * @return bool */ public static function silence_errors(int $num, string $str) { // No-op return true; } /** * Sanitize a URL by removing HTTP credentials. * @param string $url the URL to sanitize. * @return string the same URL without HTTP credentials. */ public static function url_remove_credentials(string $url) { // Cast for PHPStan: I do not think this can fail. // The regex is valid and there should be no backtracking. // https://github.com/phpstan/phpstan/issues/11547 return (string) preg_replace('#^(https?://)[^/:@]+:[^/:@]+@#i', '$1', $url); } } class_alias('SimplePie\Misc', 'SimplePie_Misc', false); Restriction.php 0000666 00000004501 15226703613 0007573 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Handles `<media:restriction>` as defined in Media RSS * * Used by {@see \SimplePie\Enclosure::get_restriction()} and {@see \SimplePie\Enclosure::get_restrictions()} * * This class can be overloaded with {@see \SimplePie\SimplePie::set_restriction_class()} */ class Restriction { public const RELATIONSHIP_ALLOW = 'allow'; public const RELATIONSHIP_DENY = 'deny'; /** * Relationship ('allow'/'deny') * * @var self::RELATIONSHIP_*|null * @see get_relationship() */ public $relationship; /** * Type of restriction * * @var string|null * @see get_type() */ public $type; /** * Restricted values * * @var string|null * @see get_value() */ public $value; /** * Constructor, used to input the data * * For documentation on all the parameters, see the corresponding * properties and their accessors * * @param ?self::RELATIONSHIP_* $relationship */ public function __construct(?string $relationship = null, ?string $type = null, ?string $value = null) { $this->relationship = $relationship; $this->type = $type; $this->value = $value; } /** * String-ified version * * @return string */ public function __toString() { // There is no $this->data here return md5(serialize($this)); } /** * Get the relationship * * @return ?self::RELATIONSHIP_* */ public function get_relationship() { if ($this->relationship !== null) { return $this->relationship; } return null; } /** * Get the type * * @return string|null */ public function get_type() { if ($this->type !== null) { return $this->type; } return null; } /** * Get the list of restricted things * * @return string|null */ public function get_value() { if ($this->value !== null) { return $this->value; } return null; } } class_alias('SimplePie\Restriction', 'SimplePie_Restriction'); Sanitize.php 0000666 00000073221 15226703613 0007061 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use DOMDocument; use DOMXPath; use InvalidArgumentException; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use SimplePie\Cache\Base; use SimplePie\Cache\BaseDataCache; use SimplePie\Cache\CallableNameFilter; use SimplePie\Cache\DataCache; use SimplePie\Cache\NameFilter; use SimplePie\HTTP\Client; use SimplePie\HTTP\ClientException; use SimplePie\HTTP\FileClient; use SimplePie\HTTP\Psr18Client; /** * Used for data cleanup and post-processing * * * This class can be overloaded with {@see \SimplePie\SimplePie::set_sanitize_class()} * * @todo Move to using an actual HTML parser (this will allow tags to be properly stripped, and to switch between HTML and XHTML), this will also make it easier to shorten a string while preserving HTML tags */ class Sanitize implements RegistryAware { // Private vars /** @var string */ public $base = ''; // Options /** @var bool */ public $remove_div = true; /** @var string */ public $image_handler = ''; /** @var string[] */ public $strip_htmltags = ['base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style']; /** @var bool */ public $encode_instead_of_strip = false; /** @var string[] */ public $strip_attributes = ['bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc']; /** @var string[] */ public $rename_attributes = []; /** @var array<string, array<string, string>> */ public $add_attributes = ['audio' => ['preload' => 'none'], 'iframe' => ['sandbox' => 'allow-scripts allow-same-origin'], 'video' => ['preload' => 'none']]; /** @var bool */ public $strip_comments = false; /** @var string */ public $output_encoding = 'UTF-8'; /** @var bool */ public $enable_cache = true; /** @var string */ public $cache_location = './cache'; /** @var string&(callable(string): string) */ public $cache_name_function = 'md5'; /** * @var NameFilter */ private $cache_namefilter; /** @var int */ public $timeout = 10; /** @var string */ public $useragent = ''; /** @var bool */ public $force_fsockopen = false; /** @var array<string, string|string[]> */ public $replace_url_attributes = []; /** * @var array<int, mixed> Custom curl options * @see SimplePie::set_curl_options() */ private $curl_options = []; /** @var Registry */ public $registry; /** * @var DataCache|null */ private $cache = null; /** * @var int Cache duration (in seconds) */ private $cache_duration = 3600; /** * List of domains for which to force HTTPS. * @see \SimplePie\Sanitize::set_https_domains() * Array is a tree split at DNS levels. Example: * array('biz' => true, 'com' => array('example' => true), 'net' => array('example' => array('www' => true))) * @var true|array<string, true|array<string, true|array<string, array<string, true|array<string, true|array<string, true>>>>>> */ public $https_domains = []; /** * @var Client|null */ private $http_client = null; public function __construct() { // Set defaults $this->set_url_replacements(null); } /** * @return void */ public function remove_div(bool $enable = true) { $this->remove_div = (bool) $enable; } /** * @param string|false $page * @return void */ public function set_image_handler($page = false) { if ($page) { $this->image_handler = (string) $page; } else { $this->image_handler = ''; } } /** * @return void */ public function set_registry(\SimplePie\Registry $registry) { $this->registry = $registry; } /** * @param (string&(callable(string): string))|NameFilter $cache_name_function * @param class-string<Cache> $cache_class * @return void */ public function pass_cache_data(bool $enable_cache = true, string $cache_location = './cache', $cache_name_function = 'md5', string $cache_class = Cache::class, ?DataCache $cache = null) { $this->enable_cache = $enable_cache; if ($cache_location) { $this->cache_location = $cache_location; } // @phpstan-ignore-next-line Enforce PHPDoc type. if (!is_string($cache_name_function) && !$cache_name_function instanceof NameFilter) { throw new InvalidArgumentException(sprintf( '%s(): Argument #3 ($cache_name_function) must be of type %s', __METHOD__, NameFilter::class ), 1); } // BC: $cache_name_function could be a callable as string if (is_string($cache_name_function)) { // trigger_error(sprintf('Providing $cache_name_function as string in "%s()" is deprecated since SimplePie 1.8.0, provide as "%s" instead.', __METHOD__, NameFilter::class), \E_USER_DEPRECATED); $this->cache_name_function = $cache_name_function; $cache_name_function = new CallableNameFilter($cache_name_function); } $this->cache_namefilter = $cache_name_function; if ($cache !== null) { $this->cache = $cache; } } /** * Set a PSR-18 client and PSR-17 factories * * Allows you to use your own HTTP client implementations. */ final public function set_http_client( ClientInterface $http_client, RequestFactoryInterface $request_factory, UriFactoryInterface $uri_factory ): void { $this->http_client = new Psr18Client($http_client, $request_factory, $uri_factory); } /** * @deprecated since SimplePie 1.9.0, use \SimplePie\Sanitize::set_http_client() instead. * @param class-string<File> $file_class * @param array<int, mixed> $curl_options * @return void */ public function pass_file_data(string $file_class = File::class, int $timeout = 10, string $useragent = '', bool $force_fsockopen = false, array $curl_options = []) { // trigger_error(sprintf('SimplePie\Sanitize::pass_file_data() is deprecated since SimplePie 1.9.0, please use "SimplePie\Sanitize::set_http_client()" instead.'), \E_USER_DEPRECATED); if ($timeout) { $this->timeout = $timeout; } if ($useragent) { $this->useragent = $useragent; } if ($force_fsockopen) { $this->force_fsockopen = $force_fsockopen; } $this->curl_options = $curl_options; // Invalidate the registered client. $this->http_client = null; } /** * @param string[]|string|false $tags Set a list of tags to strip, or set empty string to use default tags, or false to strip nothing. * @return void */ public function strip_htmltags($tags = ['base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style']) { if ($tags) { if (is_array($tags)) { $this->strip_htmltags = $tags; } else { $this->strip_htmltags = explode(',', $tags); } } else { $this->strip_htmltags = []; } } /** * @return void */ public function encode_instead_of_strip(bool $encode = false) { $this->encode_instead_of_strip = $encode; } /** * @param string[]|string $attribs * @return void */ public function rename_attributes($attribs = []) { if ($attribs) { if (is_array($attribs)) { $this->rename_attributes = $attribs; } else { $this->rename_attributes = explode(',', $attribs); } } else { $this->rename_attributes = []; } } /** * @param string[]|string $attribs * @return void */ public function strip_attributes($attribs = ['bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc']) { if ($attribs) { if (is_array($attribs)) { $this->strip_attributes = $attribs; } else { $this->strip_attributes = explode(',', $attribs); } } else { $this->strip_attributes = []; } } /** * @param array<string, array<string, string>> $attribs * @return void */ public function add_attributes(array $attribs = ['audio' => ['preload' => 'none'], 'iframe' => ['sandbox' => 'allow-scripts allow-same-origin'], 'video' => ['preload' => 'none']]) { $this->add_attributes = $attribs; } /** * @return void */ public function strip_comments(bool $strip = false) { $this->strip_comments = $strip; } /** * @return void */ public function set_output_encoding(string $encoding = 'UTF-8') { $this->output_encoding = $encoding; } /** * Set element/attribute key/value pairs of HTML attributes * containing URLs that need to be resolved relative to the feed * * Defaults to |a|@href, |area|@href, |audio|@src, |blockquote|@cite, * |del|@cite, |form|@action, |img|@longdesc, |img|@src, |input|@src, * |ins|@cite, |q|@cite, |source|@src, |video|@src * * @since 1.0 * @param array<string, string|string[]>|null $element_attribute Element/attribute key/value pairs, null for default * @return void */ public function set_url_replacements(?array $element_attribute = null) { if ($element_attribute === null) { $element_attribute = [ 'a' => 'href', 'area' => 'href', 'audio' => 'src', 'blockquote' => 'cite', 'del' => 'cite', 'form' => 'action', 'img' => [ 'longdesc', 'src' ], 'input' => 'src', 'ins' => 'cite', 'q' => 'cite', 'source' => 'src', 'video' => [ 'poster', 'src' ] ]; } $this->replace_url_attributes = $element_attribute; } /** * Set the list of domains for which to force HTTPS. * @see \SimplePie\Misc::https_url() * Example array('biz', 'example.com', 'example.org', 'www.example.net'); * * @param string[] $domains list of domain names ['biz', 'example.com', 'example.org', 'www.example.net'] * * @return void */ public function set_https_domains(array $domains) { $this->https_domains = []; foreach ($domains as $domain) { $domain = trim($domain, ". \t\n\r\0\x0B"); $segments = array_reverse(explode('.', $domain)); /** @var true|array<string, true|array<string, true|array<string, array<string, true|array<string, true|array<string, true>>>>>> */ // Needed for PHPStan. $node = &$this->https_domains; foreach ($segments as $segment) {//Build a tree if ($node === true) { break; } if (!isset($node[$segment])) { $node[$segment] = []; } $node = &$node[$segment]; } $node = true; } } /** * Check if the domain is in the list of forced HTTPS. * * @return bool */ protected function is_https_domain(string $domain) { $domain = trim($domain, '. '); $segments = array_reverse(explode('.', $domain)); $node = &$this->https_domains; foreach ($segments as $segment) {//Explore the tree if (isset($node[$segment])) { $node = &$node[$segment]; } else { break; } } return $node === true; } /** * Force HTTPS for selected Web sites. * * @return string */ public function https_url(string $url) { return ( strtolower(substr($url, 0, 7)) === 'http://' && ($parsed = parse_url($url, PHP_URL_HOST)) !== false // Malformed URL && $parsed !== null // Missing host && $this->is_https_domain($parsed) // Should be forced? ) ? substr_replace($url, 's', 4, 0) // Add the 's' to HTTPS : $url; } /** * @param int-mask-of<SimplePie::CONSTRUCT_*> $type * @param string $base * @return string Sanitized data; false if output encoding is changed to something other than UTF-8 and conversion fails */ public function sanitize(string $data, int $type, string $base = '') { $data = trim($data); if ($data !== '' || $type & \SimplePie\SimplePie::CONSTRUCT_IRI) { if ($type & \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML) { if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . \SimplePie\SimplePie::PCRE_HTML_ATTRIBUTE . '>)/', $data)) { $type |= \SimplePie\SimplePie::CONSTRUCT_HTML; } else { $type |= \SimplePie\SimplePie::CONSTRUCT_TEXT; } } if ($type & \SimplePie\SimplePie::CONSTRUCT_BASE64) { $data = base64_decode($data); } if ($type & (\SimplePie\SimplePie::CONSTRUCT_HTML | \SimplePie\SimplePie::CONSTRUCT_XHTML)) { if (!class_exists('DOMDocument')) { throw new \SimplePie\Exception('DOMDocument not found, unable to use sanitizer'); } $document = new \DOMDocument(); $document->encoding = 'UTF-8'; // PHPStan seems to have trouble resolving int-mask because bitwise // operators are used when operators are used when passing this parameter. // https://github.com/phpstan/phpstan/issues/9384 /** @var int-mask-of<SimplePie::CONSTRUCT_*> $type */ $data = $this->preprocess($data, $type); set_error_handler([Misc::class, 'silence_errors']); $document->loadHTML($data); restore_error_handler(); $xpath = new \DOMXPath($document); // Strip comments if ($this->strip_comments) { /** @var \DOMNodeList<\DOMComment> */ $comments = $xpath->query('//comment()'); foreach ($comments as $comment) { $parentNode = $comment->parentNode; assert($parentNode !== null, 'For PHPStan, comment must have a parent'); $parentNode->removeChild($comment); } } // Strip out HTML tags and attributes that might cause various security problems. // Based on recommendations by Mark Pilgrim at: // https://web.archive.org/web/20110902041826/http://diveintomark.org:80/archives/2003/06/12/how_to_consume_rss_safely if ($this->strip_htmltags) { foreach ($this->strip_htmltags as $tag) { $this->strip_tag($tag, $document, $xpath, $type); } } if ($this->rename_attributes) { foreach ($this->rename_attributes as $attrib) { $this->rename_attr($attrib, $xpath); } } if ($this->strip_attributes) { foreach ($this->strip_attributes as $attrib) { $this->strip_attr($attrib, $xpath); } } if ($this->add_attributes) { foreach ($this->add_attributes as $tag => $valuePairs) { $this->add_attr($tag, $valuePairs, $document); } } // Replace relative URLs $this->base = $base; foreach ($this->replace_url_attributes as $element => $attributes) { $this->replace_urls($document, $element, $attributes); } // If image handling (caching, etc.) is enabled, cache and rewrite all the image tags. if ($this->image_handler !== '' && $this->enable_cache) { $images = $document->getElementsByTagName('img'); foreach ($images as $img) { if ($img->hasAttribute('src')) { $image_url = $this->cache_namefilter->filter($img->getAttribute('src')); $cache = $this->get_cache($image_url); if ($cache->get_data($image_url, false)) { $img->setAttribute('src', $this->image_handler . $image_url); } else { try { $file = $this->get_http_client()->request( Client::METHOD_GET, $img->getAttribute('src'), ['X-FORWARDED-FOR' => $_SERVER['REMOTE_ADDR']] ); } catch (ClientException $th) { continue; } if ((!Misc::is_remote_uri($file->get_final_requested_uri()) || ($file->get_status_code() === 200 || $file->get_status_code() > 206 && $file->get_status_code() < 300))) { if ($cache->set_data($image_url, ['headers' => $file->get_headers(), 'body' => $file->get_body_content()], $this->cache_duration)) { $img->setAttribute('src', $this->image_handler . $image_url); } else { trigger_error("$this->cache_location is not writable. Make sure you've set the correct relative or absolute path, and that the location is server-writable.", E_USER_WARNING); } } } } } } // Get content node $div = null; if (($item = $document->getElementsByTagName('body')->item(0)) !== null) { $div = $item->firstChild; } // Finally, convert to a HTML string $data = trim((string) $document->saveHTML($div)); if ($this->remove_div) { $data = preg_replace('/^<div' . \SimplePie\SimplePie::PCRE_XML_ATTRIBUTE . '>/', '', $data); // Cast for PHPStan, it is unable to validate a non-literal regex above. $data = preg_replace('/<\/div>$/', '', (string) $data); } else { $data = preg_replace('/^<div' . \SimplePie\SimplePie::PCRE_XML_ATTRIBUTE . '>/', '<div>', $data); } // Cast for PHPStan, it is unable to validate a non-literal regex above. $data = str_replace('</source>', '', (string) $data); } if ($type & \SimplePie\SimplePie::CONSTRUCT_IRI) { $absolute = $this->registry->call(Misc::class, 'absolutize_url', [$data, $base]); if ($absolute !== false) { $data = $absolute; } } if ($type & (\SimplePie\SimplePie::CONSTRUCT_TEXT | \SimplePie\SimplePie::CONSTRUCT_IRI)) { $data = htmlspecialchars($data, ENT_COMPAT, 'UTF-8'); } if ($this->output_encoding !== 'UTF-8') { // This really returns string|false but changing encoding is uncommon and we are going to deprecate it, so let’s just lie to PHPStan in the interest of cleaner annotations. /** @var string */ $data = $this->registry->call(Misc::class, 'change_encoding', [$data, 'UTF-8', $this->output_encoding]); } } return $data; } /** * @param int-mask-of<SimplePie::CONSTRUCT_*> $type * @return string */ protected function preprocess(string $html, int $type) { $ret = ''; $html = preg_replace('%</?(?:html|body)[^>]*?'.'>%is', '', $html); if ($type & ~\SimplePie\SimplePie::CONSTRUCT_XHTML) { // Atom XHTML constructs are wrapped with a div by default // Note: No protection if $html contains a stray </div>! $html = '<div>' . $html . '</div>'; $ret .= '<!DOCTYPE html>'; $content_type = 'text/html'; } else { $ret .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'; $content_type = 'application/xhtml+xml'; } $ret .= '<html><head>'; $ret .= '<meta http-equiv="Content-Type" content="' . $content_type . '; charset=utf-8" />'; $ret .= '</head><body>' . $html . '</body></html>'; return $ret; } /** * @param array<string>|string $attributes * @return void */ public function replace_urls(DOMDocument $document, string $tag, $attributes) { if (!is_array($attributes)) { $attributes = [$attributes]; } if (!is_array($this->strip_htmltags) || !in_array($tag, $this->strip_htmltags)) { $elements = $document->getElementsByTagName($tag); foreach ($elements as $element) { foreach ($attributes as $attribute) { if ($element->hasAttribute($attribute)) { $value = $this->registry->call(Misc::class, 'absolutize_url', [$element->getAttribute($attribute), $this->base]); if ($value !== false) { $value = $this->https_url($value); $element->setAttribute($attribute, $value); } } } } } } /** * @param array<int, string> $match * @return string */ public function do_strip_htmltags(array $match) { if ($this->encode_instead_of_strip) { if (isset($match[4]) && !in_array(strtolower($match[1]), ['script', 'style'])) { $match[1] = htmlspecialchars($match[1], ENT_COMPAT, 'UTF-8'); $match[2] = htmlspecialchars($match[2], ENT_COMPAT, 'UTF-8'); return "<$match[1]$match[2]>$match[3]</$match[1]>"; } else { return htmlspecialchars($match[0], ENT_COMPAT, 'UTF-8'); } } elseif (isset($match[4]) && !in_array(strtolower($match[1]), ['script', 'style'])) { return $match[4]; } else { return ''; } } /** * @param int-mask-of<SimplePie::CONSTRUCT_*> $type * @return void */ protected function strip_tag(string $tag, DOMDocument $document, DOMXPath $xpath, int $type) { $elements = $xpath->query('body//' . $tag); if ($elements === false) { throw new \SimplePie\Exception(sprintf( '%s(): Possibly malformed expression, check argument #1 ($tag)', __METHOD__ ), 1); } if ($this->encode_instead_of_strip) { foreach ($elements as $element) { $fragment = $document->createDocumentFragment(); // For elements which aren't script or style, include the tag itself if (!in_array($tag, ['script', 'style'])) { $text = '<' . $tag; if ($element->attributes !== null) { $attrs = []; foreach ($element->attributes as $name => $attr) { $value = $attr->value; // In XHTML, empty values should never exist, so we repeat the value if (empty($value) && ($type & \SimplePie\SimplePie::CONSTRUCT_XHTML)) { $value = $name; } // For HTML, empty is fine elseif (empty($value) && ($type & \SimplePie\SimplePie::CONSTRUCT_HTML)) { $attrs[] = $name; continue; } // Standard attribute text $attrs[] = $name . '="' . $attr->value . '"'; } $text .= ' ' . implode(' ', $attrs); } $text .= '>'; $fragment->appendChild(new \DOMText($text)); } $number = $element->childNodes->length; for ($i = $number; $i > 0; $i--) { if (($child = $element->childNodes->item(0)) !== null) { $fragment->appendChild($child); } } if (!in_array($tag, ['script', 'style'])) { $fragment->appendChild(new \DOMText('</' . $tag . '>')); } if (($parentNode = $element->parentNode) !== null) { $parentNode->replaceChild($fragment, $element); } } return; } elseif (in_array($tag, ['script', 'style'])) { foreach ($elements as $element) { if (($parentNode = $element->parentNode) !== null) { $parentNode->removeChild($element); } } return; } else { foreach ($elements as $element) { $fragment = $document->createDocumentFragment(); $number = $element->childNodes->length; for ($i = $number; $i > 0; $i--) { if (($child = $element->childNodes->item(0)) !== null) { $fragment->appendChild($child); } } if (($parentNode = $element->parentNode) !== null) { $parentNode->replaceChild($fragment, $element); } } } } /** * @return void */ protected function strip_attr(string $attrib, DOMXPath $xpath) { $elements = $xpath->query('//*[@' . $attrib . ']'); if ($elements === false) { throw new \SimplePie\Exception(sprintf( '%s(): Possibly malformed expression, check argument #1 ($attrib)', __METHOD__ ), 1); } /** @var \DOMElement $element */ foreach ($elements as $element) { $element->removeAttribute($attrib); } } /** * @return void */ protected function rename_attr(string $attrib, DOMXPath $xpath) { $elements = $xpath->query('//*[@' . $attrib . ']'); if ($elements === false) { throw new \SimplePie\Exception(sprintf( '%s(): Possibly malformed expression, check argument #1 ($attrib)', __METHOD__ ), 1); } /** @var \DOMElement $element */ foreach ($elements as $element) { $element->setAttribute('data-sanitized-' . $attrib, $element->getAttribute($attrib)); $element->removeAttribute($attrib); } } /** * @param array<string, string> $valuePairs * @return void */ protected function add_attr(string $tag, array $valuePairs, DOMDocument $document) { $elements = $document->getElementsByTagName($tag); /** @var \DOMElement $element */ foreach ($elements as $element) { foreach ($valuePairs as $attrib => $value) { $element->setAttribute($attrib, $value); } } } /** * Get a DataCache * * @param string $image_url Only needed for BC, can be removed in SimplePie 2.0.0 * * @return DataCache */ private function get_cache(string $image_url = ''): DataCache { if ($this->cache === null) { // @trigger_error(sprintf('Not providing as PSR-16 cache implementation is deprecated since SimplePie 1.8.0, please use "SimplePie\SimplePie::set_cache()".'), \E_USER_DEPRECATED); $cache = $this->registry->call(Cache::class, 'get_handler', [ $this->cache_location, $image_url, Base::TYPE_IMAGE ]); return new BaseDataCache($cache); } return $this->cache; } /** * Get a HTTP client */ private function get_http_client(): Client { if ($this->http_client === null) { $this->http_client = new FileClient( $this->registry, [ 'timeout' => $this->timeout, 'redirects' => 5, 'useragent' => $this->useragent, 'force_fsockopen' => $this->force_fsockopen, 'curl_options' => $this->curl_options, ] ); } return $this->http_client; } } class_alias('SimplePie\Sanitize', 'SimplePie_Sanitize'); https-detection-20260605111237.php 0000666 00000013341 15226703613 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606074445.php 0000666 00000011205 15226703613 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605180142.php 0000666 00000011205 15226703613 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605143320.php 0000666 00000013341 15226703613 0011765 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } Caption.php 0000666 00000006033 15226703613 0006665 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Handles `<media:text>` captions as defined in Media RSS. * * Used by {@see \SimplePie\Enclosure::get_caption()} and {@see \SimplePie\Enclosure::get_captions()} * * This class can be overloaded with {@see \SimplePie\SimplePie::set_caption_class()} */ class Caption { /** * Content type * * @var ?string * @see get_type() */ public $type; /** * Language * * @var ?string * @see get_language() */ public $lang; /** * Start time * * @var ?string * @see get_starttime() */ public $startTime; /** * End time * * @var ?string * @see get_endtime() */ public $endTime; /** * Caption text * * @var ?string * @see get_text() */ public $text; /** * Constructor, used to input the data * * For documentation on all the parameters, see the corresponding * properties and their accessors */ public function __construct( ?string $type = null, ?string $lang = null, ?string $startTime = null, ?string $endTime = null, ?string $text = null ) { $this->type = $type; $this->lang = $lang; $this->startTime = $startTime; $this->endTime = $endTime; $this->text = $text; } /** * String-ified version * * @return string */ public function __toString() { // There is no $this->data here return md5(serialize($this)); } /** * Get the end time * * @return string|null Time in the format 'hh:mm:ss.SSS' */ public function get_endtime() { if ($this->endTime !== null) { return $this->endTime; } return null; } /** * Get the language * * @link http://tools.ietf.org/html/rfc3066 * @return string|null Language code as per RFC 3066 */ public function get_language() { if ($this->lang !== null) { return $this->lang; } return null; } /** * Get the start time * * @return string|null Time in the format 'hh:mm:ss.SSS' */ public function get_starttime() { if ($this->startTime !== null) { return $this->startTime; } return null; } /** * Get the text of the caption * * @return string|null */ public function get_text() { if ($this->text !== null) { return $this->text; } return null; } /** * Get the content type (not MIME type) * * @return string|null Either 'text' or 'html' */ public function get_type() { if ($this->type !== null) { return $this->type; } return null; } } class_alias('SimplePie\Caption', 'SimplePie_Caption'); https-detection-20260605034026-20260606231158.php 0000666 00000013341 15226703613 0013356 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605120304.php 0000666 00000013341 15226703613 0011762 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260607003752.php 0000666 00000011205 15226703613 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605225728-20260608154123.php 0000666 00000011205 15226703613 0013377 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606134345.php 0000666 00000013341 15226703613 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605172444.php 0000666 00000011205 15226703613 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } Item.php 0000666 00000401045 15226703613 0006170 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Manages all item-related data * * Used by {@see \SimplePie\SimplePie::get_item()} and {@see \SimplePie\SimplePie::get_items()} * * This class can be overloaded with {@see \SimplePie\SimplePie::set_item_class()} */ class Item implements RegistryAware { /** * Parent feed * * @access private * @var \SimplePie\SimplePie */ public $feed; /** * Raw data * * @access private * @var array<string, mixed> */ public $data = []; /** * Registry object * * @see set_registry * @var \SimplePie\Registry */ protected $registry; /** * @var Sanitize|null */ private $sanitize = null; /** * Create a new item object * * This is usually used by {@see \SimplePie\SimplePie::get_items} and * {@see \SimplePie\SimplePie::get_item}. Avoid creating this manually. * * @param \SimplePie\SimplePie $feed Parent feed * @param array<string, mixed> $data Raw data */ public function __construct(\SimplePie\SimplePie $feed, array $data) { $this->feed = $feed; $this->data = $data; } /** * Set the registry handler * * This is usually used by {@see \SimplePie\Registry::create} * * @since 1.3 * @param \SimplePie\Registry $registry * @return void */ public function set_registry(\SimplePie\Registry $registry) { $this->registry = $registry; } /** * Get a string representation of the item * * @return string */ public function __toString() { return md5(serialize($this->data)); } /** * Remove items that link back to this before destroying this object */ public function __destruct() { if (!gc_enabled()) { unset($this->feed); } } /** * Get data for an item-level element * * This method allows you to get access to ANY element/attribute that is a * sub-element of the item/entry tag. * * See {@see \SimplePie\SimplePie::get_feed_tags()} for a description of the return value * * @since 1.0 * @see http://simplepie.org/wiki/faq/supported_xml_namespaces * @param string $namespace The URL of the XML namespace of the elements you're trying to access * @param string $tag Tag name * @return array<array<string, mixed>>|null */ public function get_item_tags(string $namespace, string $tag) { if (isset($this->data['child'][$namespace][$tag])) { return $this->data['child'][$namespace][$tag]; } return null; } /** * Get base URL of the item itself. * Returns `<xml:base>` or feed base URL. * Similar to `Item::get_base()` but can safely be used during initialisation methods * such as `Item::get_links()` (`Item::get_base()` and `Item::get_links()` call each-other) * and is not affected by enclosures. * * @param array<string, mixed> $element * @see get_base */ private function get_own_base(array $element = []): string { if (!empty($element['xml_base_explicit']) && isset($element['xml_base'])) { return $element['xml_base']; } return $this->feed->get_base(); } /** * Get the base URL value. * Uses `<xml:base>`, or item link, or enclosure link, or feed base URL. * * @param array<string, mixed> $element * @return string */ public function get_base(array $element = []) { if (!empty($element['xml_base_explicit']) && isset($element['xml_base'])) { return $element['xml_base']; } $link = $this->get_permalink(); if ($link != null) { return $link; } return $this->feed->get_base($element); } /** * Sanitize feed data * * @access private * @see \SimplePie\SimplePie::sanitize() * @param string $data Data to sanitize * @param int-mask-of<SimplePie::CONSTRUCT_*> $type * @param string $base Base URL to resolve URLs against * @return string Sanitized data */ public function sanitize(string $data, int $type, string $base = '') { // This really returns string|false but changing encoding is uncommon and we are going to deprecate it, so let’s just lie to PHPStan in the interest of cleaner annotations. return $this->feed->sanitize($data, $type, $base); } /** * Get the parent feed * * Note: this may not work as you think for multifeeds! * * @link http://simplepie.org/faq/typical_multifeed_gotchas#missing_data_from_feed * @since 1.0 * @return \SimplePie\SimplePie */ public function get_feed() { return $this->feed; } /** * Get the unique identifier for the item * * This is usually used when writing code to check for new items in a feed. * * Uses `<atom:id>`, `<guid>`, `<dc:identifier>` or the `about` attribute * for RDF. If none of these are supplied (or `$hash` is true), creates an * MD5 hash based on the permalink, title and content. * * @since Beta 2 * @param bool $hash Should we force using a hash instead of the supplied ID? * @param string|false $fn User-supplied function to generate an hash * @return string|null */ public function get_id(bool $hash = false, $fn = 'md5') { if (!$hash) { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'id')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'id')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'guid')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'identifier')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'identifier')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif (isset($this->data['attribs'][\SimplePie\SimplePie::NAMESPACE_RDF]['about'])) { return $this->sanitize($this->data['attribs'][\SimplePie\SimplePie::NAMESPACE_RDF]['about'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } } if ($fn === false) { return null; } elseif (!is_callable($fn)) { trigger_error('User-supplied function $fn must be callable', E_USER_WARNING); $fn = 'md5'; } return call_user_func( $fn, $this->get_permalink().$this->get_title().$this->get_content() ); } /** * Get the title of the item * * Uses `<atom:title>`, `<title>` or `<dc:title>` * * @since Beta 2 (previously called `get_item_title` since 0.8) * @return string|null */ public function get_title() { if (!isset($this->data['title'])) { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_10_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_03_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_090, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($return[0])); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'title')) { $this->data['title'] = $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $this->data['title'] = null; } } return $this->data['title']; } /** * Get the content for the item * * Prefers summaries over full content , but will return full content if a * summary does not exist. * * To prefer full content instead, use {@see get_content} * * Uses `<atom:summary>`, `<description>`, `<dc:description>` or * `<itunes:subtitle>` * * @since 0.8 * @param bool $description_only Should we avoid falling back to the content? * @return string|null */ public function get_description(bool $description_only = false) { if (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'summary')) && ($return = $this->sanitize($tags[0]['data'], $this->registry->call(Misc::class, 'atom_10_construct_type', [$tags[0]['attribs']]), $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'summary')) && ($return = $this->sanitize($tags[0]['data'], $this->registry->call(Misc::class, 'atom_03_construct_type', [$tags[0]['attribs']]), $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10, 'description')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML, $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'description')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_HTML, $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'description')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'description')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'summary')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_HTML, $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'subtitle')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_090, 'description')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_HTML))) { return $return; } elseif (!$description_only) { return $this->get_content(true); } return null; } /** * Get the content for the item * * Prefers full content over summaries, but will return a summary if full * content does not exist. * * To prefer summaries instead, use {@see get_description} * * Uses `<atom:content>` or `<content:encoded>` (RSS 1.0 Content Module) * * @since 1.0 * @param bool $content_only Should we avoid falling back to the description? * @return string|null */ public function get_content(bool $content_only = false) { if (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'content')) && ($return = $this->sanitize($tags[0]['data'], $this->registry->call(Misc::class, 'atom_10_content_construct_type', [$tags[0]['attribs']]), $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'content')) && ($return = $this->sanitize($tags[0]['data'], $this->registry->call(Misc::class, 'atom_03_construct_type', [$tags[0]['attribs']]), $this->get_base($tags[0])))) { return $return; } elseif (($tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10_MODULES_CONTENT, 'encoded')) && ($return = $this->sanitize($tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_HTML, $this->get_base($tags[0])))) { return $return; } elseif (!$content_only) { return $this->get_description(true); } return null; } /** * Get the media:thumbnail of the item * * Uses `<media:thumbnail>` * * * @return array{url: string, height?: string, width?: string, time?: string}|null */ public function get_thumbnail() { if (!isset($this->data['thumbnail'])) { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'thumbnail')) { $thumbnail = $return[0]['attribs']['']; if (empty($thumbnail['url'])) { $this->data['thumbnail'] = null; } else { $thumbnail['url'] = $this->sanitize($thumbnail['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($return[0])); $this->data['thumbnail'] = $thumbnail; } } else { $this->data['thumbnail'] = null; } } return $this->data['thumbnail']; } /** * Get a category for the item * * @since Beta 3 (previously called `get_categories()` since Beta 2) * @param int $key The category that you want to return. Remember that arrays begin with 0, not 1 * @return \SimplePie\Category|null */ public function get_category(int $key = 0) { $categories = $this->get_categories(); if (isset($categories[$key])) { return $categories[$key]; } return null; } /** * Get all categories for the item * * Uses `<atom:category>`, `<category>` or `<dc:subject>` * * @since Beta 3 * @return \SimplePie\Category[]|null List of {@see \SimplePie\Category} objects */ public function get_categories() { $categories = []; $type = 'category'; foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, $type) as $category) { $term = null; $scheme = null; $label = null; if (isset($category['attribs']['']['term'])) { $term = $this->sanitize($category['attribs']['']['term'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories[] = $this->registry->create(Category::class, [$term, $scheme, $label, $type]); } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, $type) as $category) { // This is really the label, but keep this as the term also for BC. // Label will also work on retrieving because that falls back to term. $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); if (isset($category['attribs']['']['domain'])) { $scheme = $this->sanitize($category['attribs']['']['domain'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = null; } $categories[] = $this->registry->create(Category::class, [$term, $scheme, null, $type]); } $type = 'subject'; foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, $type) as $category) { $categories[] = $this->registry->create(Category::class, [$this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null, $type]); } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, $type) as $category) { $categories[] = $this->registry->create(Category::class, [$this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null, $type]); } if (!empty($categories)) { return array_unique($categories); } return null; } /** * Get an author for the item * * @since Beta 2 * @param int $key The author that you want to return. Remember that arrays begin with 0, not 1 * @return \SimplePie\Author|null */ public function get_author(int $key = 0) { $authors = $this->get_authors(); if (isset($authors[$key])) { return $authors[$key]; } return null; } /** * Get a contributor for the item * * @since 1.1 * @param int $key The contrbutor that you want to return. Remember that arrays begin with 0, not 1 * @return \SimplePie\Author|null */ public function get_contributor(int $key = 0) { $contributors = $this->get_contributors(); if (isset($contributors[$key])) { return $contributors[$key]; } return null; } /** * Get all contributors for the item * * Uses `<atom:contributor>` * * @since 1.1 * @return \SimplePie\Author[]|null List of {@see \SimplePie\Author} objects */ public function get_contributors() { $contributors = []; foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'contributor') as $contributor) { $name = null; $uri = null; $email = null; if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'])) { $name = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]['data'])) { $uri = $contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]; $uri = $this->sanitize($uri['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($uri)); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'])) { $email = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $uri !== null) { $contributors[] = $this->registry->create(Author::class, [$name, $uri, $email]); } } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'contributor') as $contributor) { $name = null; $url = null; $email = null; if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'])) { $name = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]['data'])) { $url = $contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]; $url = $this->sanitize($url['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($url)); } if (isset($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'])) { $email = $this->sanitize($contributor['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $url !== null) { $contributors[] = $this->registry->create(Author::class, [$name, $url, $email]); } } if (!empty($contributors)) { return array_unique($contributors); } return null; } /** * Get all authors for the item * * Uses `<atom:author>`, `<author>`, `<dc:creator>` or `<itunes:author>` * * @since Beta 2 * @return \SimplePie\Author[]|null List of {@see \SimplePie\Author} objects */ public function get_authors() { $authors = []; foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'author') as $author) { $name = null; $uri = null; $email = null; if (isset($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'])) { $name = $this->sanitize($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]['data'])) { $uri = $author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['uri'][0]; $uri = $this->sanitize($uri['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($uri)); } if (isset($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'])) { $email = $this->sanitize($author['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_10]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $uri !== null) { $authors[] = $this->registry->create(Author::class, [$name, $uri, $email]); } } if ($author = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'author')) { $name = null; $url = null; $email = null; if (isset($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'])) { $name = $this->sanitize($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['name'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]['data'])) { $url = $author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['url'][0]; $url = $this->sanitize($url['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_base($url)); } if (isset($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'])) { $email = $this->sanitize($author[0]['child'][\SimplePie\SimplePie::NAMESPACE_ATOM_03]['email'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if ($name !== null || $email !== null || $url !== null) { $authors[] = $this->registry->create(Author::class, [$name, $url, $email]); } } if ($author = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'author')) { $authors[] = $this->registry->create(Author::class, [null, null, $this->sanitize($author[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)]); } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'creator') as $author) { $authors[] = $this->registry->create(Author::class, [$this->sanitize($author['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'creator') as $author) { $authors[] = $this->registry->create(Author::class, [$this->sanitize($author['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'author') as $author) { $authors[] = $this->registry->create(Author::class, [$this->sanitize($author['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT), null, null]); } if (!empty($authors)) { return array_unique($authors); } elseif (($source = $this->get_source()) && ($authors = $source->get_authors())) { return $authors; } elseif ($authors = $this->feed->get_authors()) { return $authors; } return null; } /** * Get the copyright info for the item * * Uses `<atom:rights>` or `<dc:rights>` * * @since 1.1 * @return string|null */ public function get_copyright() { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'rights')) { return $this->sanitize($return[0]['data'], $this->registry->call(Misc::class, 'atom_10_construct_type', [$return[0]['attribs']]), $this->get_base($return[0])); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'rights')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'rights')) { return $this->sanitize($return[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } return null; } /** * Get the posting date/time for the item * * Uses `<atom:published>`, `<atom:updated>`, `<atom:issued>`, * `<atom:modified>`, `<pubDate>` or `<dc:date>` * * Note: obeys PHP's timezone setting. To get a UTC date/time, use * {@see get_gmdate} * * @since Beta 2 (previously called `get_item_date` since 0.8) * * @param string $date_format Supports any PHP date format from {@see http://php.net/date} (empty for the raw data) * @return ($date_format is 'U' ? ?int : ?string) */ public function get_date(string $date_format = 'j F Y, g:i a') { if (!isset($this->data['date'])) { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'published')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'pubDate')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_11, 'date')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_DC_10, 'date')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'updated')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'issued')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'created')) { $this->data['date']['raw'] = $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'modified')) { $this->data['date']['raw'] = $return[0]['data']; } if (!empty($this->data['date']['raw'])) { $parser = $this->registry->call(Parse\Date::class, 'get'); $this->data['date']['parsed'] = $parser->parse($this->data['date']['raw']) ?: null; } else { $this->data['date'] = null; } } if ($this->data['date']) { switch ($date_format) { case '': return $this->sanitize($this->data['date']['raw'], \SimplePie\SimplePie::CONSTRUCT_TEXT); case 'U': return $this->data['date']['parsed']; default: return date($date_format, $this->data['date']['parsed']); } } return null; } /** * Get the update date/time for the item * * Uses `<atom:updated>` * * Note: obeys PHP's timezone setting. To get a UTC date/time, use * {@see get_gmdate} * * @param string $date_format Supports any PHP date format from {@see http://php.net/date} (empty for the raw data) * @return ($date_format is 'U' ? ?int : ?string) */ public function get_updated_date(string $date_format = 'j F Y, g:i a') { if (!isset($this->data['updated'])) { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'updated')) { $this->data['updated']['raw'] = $return[0]['data']; } if (!empty($this->data['updated']['raw'])) { $parser = $this->registry->call(Parse\Date::class, 'get'); $this->data['updated']['parsed'] = $parser->parse($this->data['updated']['raw']) ?: null; } else { $this->data['updated'] = null; } } if ($this->data['updated']) { switch ($date_format) { case '': return $this->sanitize($this->data['updated']['raw'], \SimplePie\SimplePie::CONSTRUCT_TEXT); case 'U': return $this->data['updated']['parsed']; default: return date($date_format, $this->data['updated']['parsed']); } } return null; } /** * Get the localized posting date/time for the item * * Returns the date formatted in the localized language. To display in * languages other than the server's default, you need to change the locale * with {@link http://php.net/setlocale setlocale()}. The available * localizations depend on which ones are installed on your web server. * * @since 1.0 * * @param string $date_format Supports any PHP date format from {@see http://php.net/strftime} (empty for the raw data) * @return string|null|false see `strftime` for when this can return `false` */ public function get_local_date(string $date_format = '%c') { if ($date_format === '') { if (($raw_date = $this->get_date('')) === null) { return null; } return $this->sanitize($raw_date, \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif (($date = $this->get_date('U')) !== null && $date !== false) { return strftime($date_format, $date); } return null; } /** * Get the posting date/time for the item (UTC time) * * @see get_date * @param string $date_format Supports any PHP date format from {@see http://php.net/date} * @return string|null */ public function get_gmdate(string $date_format = 'j F Y, g:i a') { $date = $this->get_date('U'); if ($date === null) { return null; } return gmdate($date_format, $date); } /** * Get the update date/time for the item (UTC time) * * @see get_updated_date * @param string $date_format Supports any PHP date format from {@see http://php.net/date} * @return string|null */ public function get_updated_gmdate(string $date_format = 'j F Y, g:i a') { $date = $this->get_updated_date('U'); if ($date === null) { return null; } return gmdate($date_format, $date); } /** * Get the permalink for the item * * Returns the first link available with a relationship of "alternate". * Identical to {@see get_link()} with key 0 * * @see get_link * @since 0.8 * @return string|null Permalink URL */ public function get_permalink() { $link = $this->get_link(); $enclosure = $this->get_enclosure(0); if ($link !== null) { return $link; } elseif ($enclosure !== null) { return $enclosure->get_link(); } return null; } /** * Get a single link for the item * * @since Beta 3 * @param int $key The link that you want to return. Remember that arrays begin with 0, not 1 * @param string $rel The relationship of the link to return * @return string|null Link URL */ public function get_link(int $key = 0, string $rel = 'alternate') { $links = $this->get_links($rel); if ($links && $links[$key] !== null) { return $links[$key]; } return null; } /** * Get all links for the item * * Uses `<atom:link>`, `<link>` or `<guid>` * * @since Beta 2 * @param string $rel The relationship of links to return * @return array<string>|null Links found for the item (strings) */ public function get_links(string $rel = 'alternate') { if (!isset($this->data['links'])) { $this->data['links'] = []; foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'link') as $link) { if (isset($link['attribs']['']['href'])) { $link_rel = (isset($link['attribs']['']['rel'])) ? $link['attribs']['']['rel'] : 'alternate'; $this->data['links'][$link_rel][] = $this->sanitize($link['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($link)); } } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'link') as $link) { if (isset($link['attribs']['']['href'])) { $link_rel = (isset($link['attribs']['']['rel'])) ? $link['attribs']['']['rel'] : 'alternate'; $this->data['links'][$link_rel][] = $this->sanitize($link['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($link)); } } if ($links = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_10, 'link')) { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($links[0])); } if ($links = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_090, 'link')) { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($links[0])); } if ($links = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'link')) { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($links[0])); } if ($links = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'guid')) { if (!isset($links[0]['attribs']['']['isPermaLink']) || strtolower(trim($links[0]['attribs']['']['isPermaLink'])) === 'true') { $this->data['links']['alternate'][] = $this->sanitize($links[0]['data'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($links[0])); } } $keys = array_keys($this->data['links']); foreach ($keys as $key) { if ($this->registry->call(Misc::class, 'is_isegment_nz_nc', [$key])) { if (isset($this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key])) { $this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key] = array_merge($this->data['links'][$key], $this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key]); $this->data['links'][$key] = &$this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key]; } else { $this->data['links'][\SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY . $key] = &$this->data['links'][$key]; } } elseif (substr((string) $key, 0, 41) === \SimplePie\SimplePie::IANA_LINK_RELATIONS_REGISTRY) { $this->data['links'][substr((string) $key, 41)] = &$this->data['links'][$key]; } $this->data['links'][$key] = array_unique($this->data['links'][$key]); } } if (isset($this->data['links'][$rel])) { return $this->data['links'][$rel]; } return null; } /** * Get an enclosure from the item * * Supports the <enclosure> RSS tag, as well as Media RSS and iTunes RSS. * * @since Beta 2 * @todo Add ability to prefer one type of content over another (in a media group). * @param int $key The enclosure that you want to return. Remember that arrays begin with 0, not 1 * @return \SimplePie\Enclosure|null */ public function get_enclosure(int $key = 0) { $enclosures = $this->get_enclosures(); if (isset($enclosures[$key])) { return $enclosures[$key]; } return null; } /** * Get all available enclosures (podcasts, etc.) * * Supports the <enclosure> RSS tag, as well as Media RSS and iTunes RSS. * * At this point, we're pretty much assuming that all enclosures for an item * are the same content. Anything else is too complicated to * properly support. * * @since Beta 2 * @todo Add support for end-user defined sorting of enclosures by type/handler (so we can prefer the faster-loading FLV over MP4). * @todo If an element exists at a level, but its value is empty, we should fall back to the value from the parent (if it exists). * @return \SimplePie\Enclosure[]|null List of \SimplePie\Enclosure items */ public function get_enclosures() { if (!isset($this->data['enclosures'])) { $this->data['enclosures'] = []; // Elements $captions_parent = null; $categories_parent = null; $copyrights_parent = null; $credits_parent = null; $description_parent = null; $duration_parent = null; $hashes_parent = null; $keywords_parent = null; $player_parent = null; $ratings_parent = null; $restrictions_parent = []; $thumbnails_parent = null; $title_parent = null; // Let's do the channel and item-level ones first, and just re-use them if we need to. $parent = $this->get_feed(); // CAPTIONS if ($captions = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'text')) { foreach ($captions as $caption) { $caption_type = null; $caption_lang = null; $caption_startTime = null; $caption_endTime = null; $caption_text = null; if (isset($caption['attribs']['']['type'])) { $caption_type = $this->sanitize($caption['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['lang'])) { $caption_lang = $this->sanitize($caption['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['start'])) { $caption_startTime = $this->sanitize($caption['attribs']['']['start'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['end'])) { $caption_endTime = $this->sanitize($caption['attribs']['']['end'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['data'])) { $caption_text = $this->sanitize($caption['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $captions_parent[] = $this->registry->create(Caption::class, [$caption_type, $caption_lang, $caption_startTime, $caption_endTime, $caption_text]); } } elseif ($captions = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'text')) { foreach ($captions as $caption) { $caption_type = null; $caption_lang = null; $caption_startTime = null; $caption_endTime = null; $caption_text = null; if (isset($caption['attribs']['']['type'])) { $caption_type = $this->sanitize($caption['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['lang'])) { $caption_lang = $this->sanitize($caption['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['start'])) { $caption_startTime = $this->sanitize($caption['attribs']['']['start'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['end'])) { $caption_endTime = $this->sanitize($caption['attribs']['']['end'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['data'])) { $caption_text = $this->sanitize($caption['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $captions_parent[] = $this->registry->create(Caption::class, [$caption_type, $caption_lang, $caption_startTime, $caption_endTime, $caption_text]); } } if (is_array($captions_parent)) { $captions_parent = array_values(array_unique($captions_parent)); } // CATEGORIES foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'category') as $category) { $term = null; $scheme = null; $label = null; if (isset($category['data'])) { $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = 'http://search.yahoo.com/mrss/category_schema'; } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories_parent[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } foreach ((array) $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'category') as $category) { $term = null; $scheme = null; $label = null; if (isset($category['data'])) { $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = 'http://search.yahoo.com/mrss/category_schema'; } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories_parent[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } foreach ((array) $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'category') as $category) { $term = null; $scheme = 'http://www.itunes.com/dtds/podcast-1.0.dtd'; $label = null; if (isset($category['attribs']['']['text'])) { $label = $this->sanitize($category['attribs']['']['text'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories_parent[] = $this->registry->create(Category::class, [$term, $scheme, $label]); if (isset($category['child'][\SimplePie\SimplePie::NAMESPACE_ITUNES]['category'])) { foreach ((array) $category['child'][\SimplePie\SimplePie::NAMESPACE_ITUNES]['category'] as $subcategory) { if (isset($subcategory['attribs']['']['text'])) { $label = $this->sanitize($subcategory['attribs']['']['text'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories_parent[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } } } if (is_array($categories_parent)) { $categories_parent = array_values(array_unique($categories_parent)); } // COPYRIGHT if ($copyright = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'copyright')) { $copyright_url = null; $copyright_label = null; if (isset($copyright[0]['attribs']['']['url'])) { $copyright_url = $this->sanitize($copyright[0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($copyright[0]['data'])) { $copyright_label = $this->sanitize($copyright[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $copyrights_parent = $this->registry->create(Copyright::class, [$copyright_url, $copyright_label]); } elseif ($copyright = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'copyright')) { $copyright_url = null; $copyright_label = null; if (isset($copyright[0]['attribs']['']['url'])) { $copyright_url = $this->sanitize($copyright[0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($copyright[0]['data'])) { $copyright_label = $this->sanitize($copyright[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $copyrights_parent = $this->registry->create(Copyright::class, [$copyright_url, $copyright_label]); } // CREDITS if ($credits = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'credit')) { foreach ($credits as $credit) { $credit_role = null; $credit_scheme = null; $credit_name = null; if (isset($credit['attribs']['']['role'])) { $credit_role = $this->sanitize($credit['attribs']['']['role'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($credit['attribs']['']['scheme'])) { $credit_scheme = $this->sanitize($credit['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $credit_scheme = 'urn:ebu'; } if (isset($credit['data'])) { $credit_name = $this->sanitize($credit['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $credits_parent[] = $this->registry->create(Credit::class, [$credit_role, $credit_scheme, $credit_name]); } } elseif ($credits = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'credit')) { foreach ($credits as $credit) { $credit_role = null; $credit_scheme = null; $credit_name = null; if (isset($credit['attribs']['']['role'])) { $credit_role = $this->sanitize($credit['attribs']['']['role'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($credit['attribs']['']['scheme'])) { $credit_scheme = $this->sanitize($credit['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $credit_scheme = 'urn:ebu'; } if (isset($credit['data'])) { $credit_name = $this->sanitize($credit['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $credits_parent[] = $this->registry->create(Credit::class, [$credit_role, $credit_scheme, $credit_name]); } } if (is_array($credits_parent)) { $credits_parent = array_values(array_unique($credits_parent)); } // DESCRIPTION if ($description_parent = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'description')) { if (isset($description_parent[0]['data'])) { $description_parent = $this->sanitize($description_parent[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } } elseif ($description_parent = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'description')) { if (isset($description_parent[0]['data'])) { $description_parent = $this->sanitize($description_parent[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } } // DURATION $duration_tags = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'duration'); if ($duration_tags !== null) { $seconds = null; $minutes = null; $hours = null; if (isset($duration_tags[0]['data'])) { $temp = explode(':', $this->sanitize($duration_tags[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); $seconds = (int) array_pop($temp); if (count($temp) > 0) { $minutes = (int) array_pop($temp); $seconds += $minutes * 60; } if (count($temp) > 0) { $hours = (int) array_pop($temp); $seconds += $hours * 3600; } unset($temp); $duration_parent = $seconds; } } // HASHES if ($hashes_iterator = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'hash')) { foreach ($hashes_iterator as $hash) { $value = null; $algo = null; if (isset($hash['data'])) { $value = $this->sanitize($hash['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($hash['attribs']['']['algo'])) { $algo = $this->sanitize($hash['attribs']['']['algo'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $algo = 'md5'; } $hashes_parent[] = $algo.':'.$value; } } elseif ($hashes_iterator = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'hash')) { foreach ($hashes_iterator as $hash) { $value = null; $algo = null; if (isset($hash['data'])) { $value = $this->sanitize($hash['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($hash['attribs']['']['algo'])) { $algo = $this->sanitize($hash['attribs']['']['algo'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $algo = 'md5'; } $hashes_parent[] = $algo.':'.$value; } } if (is_array($hashes_parent)) { $hashes_parent = array_values(array_unique($hashes_parent)); } // KEYWORDS if ($keywords = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'keywords')) { if (isset($keywords[0]['data'])) { $temp = explode(',', $this->sanitize($keywords[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords_parent[] = trim($word); } } unset($temp); } elseif ($keywords = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'keywords')) { if (isset($keywords[0]['data'])) { $temp = explode(',', $this->sanitize($keywords[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords_parent[] = trim($word); } } unset($temp); } elseif ($keywords = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'keywords')) { if (isset($keywords[0]['data'])) { $temp = explode(',', $this->sanitize($keywords[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords_parent[] = trim($word); } } unset($temp); } elseif ($keywords = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'keywords')) { if (isset($keywords[0]['data'])) { $temp = explode(',', $this->sanitize($keywords[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords_parent[] = trim($word); } } unset($temp); } if (is_array($keywords_parent)) { $keywords_parent = array_values(array_unique($keywords_parent)); } // PLAYER if ($player_parent = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'player')) { if (isset($player_parent[0]['attribs']['']['url'])) { $player_parent = $this->sanitize($player_parent[0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($player_parent[0])); } } elseif ($player_parent = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'player')) { if (isset($player_parent[0]['attribs']['']['url'])) { $player_parent = $this->sanitize($player_parent[0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($player_parent[0])); } } // RATINGS if ($ratings = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'rating')) { foreach ($ratings as $rating) { $rating_scheme = null; $rating_value = null; if (isset($rating['attribs']['']['scheme'])) { $rating_scheme = $this->sanitize($rating['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $rating_scheme = 'urn:simple'; } if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings_parent[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } } elseif ($ratings = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'explicit')) { foreach ($ratings as $rating) { $rating_scheme = 'urn:itunes'; $rating_value = null; if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings_parent[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } } elseif ($ratings = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'rating')) { foreach ($ratings as $rating) { $rating_scheme = null; $rating_value = null; if (isset($rating['attribs']['']['scheme'])) { $rating_scheme = $this->sanitize($rating['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $rating_scheme = 'urn:simple'; } if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings_parent[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } } elseif ($ratings = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'explicit')) { foreach ($ratings as $rating) { $rating_scheme = 'urn:itunes'; $rating_value = null; if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings_parent[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } } if (is_array($ratings_parent)) { $ratings_parent = array_values(array_unique($ratings_parent)); } // RESTRICTIONS if ($restrictions = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'restriction')) { foreach ($restrictions as $restriction) { $restriction_relationship = null; $restriction_type = null; $restriction_value = null; if (isset($restriction['attribs']['']['relationship'])) { $restriction_relationship = $this->sanitize($restriction['attribs']['']['relationship'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['attribs']['']['type'])) { $restriction_type = $this->sanitize($restriction['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['data'])) { $restriction_value = $this->sanitize($restriction['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $restrictions_parent[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } } elseif ($restrictions = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'block')) { foreach ($restrictions as $restriction) { $restriction_relationship = Restriction::RELATIONSHIP_ALLOW; $restriction_type = null; $restriction_value = 'itunes'; if (isset($restriction['data']) && strtolower($restriction['data']) === 'yes') { $restriction_relationship = Restriction::RELATIONSHIP_DENY; } $restrictions_parent[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } } elseif ($restrictions = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'restriction')) { foreach ($restrictions as $restriction) { $restriction_relationship = null; $restriction_type = null; $restriction_value = null; if (isset($restriction['attribs']['']['relationship'])) { $restriction_relationship = $this->sanitize($restriction['attribs']['']['relationship'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['attribs']['']['type'])) { $restriction_type = $this->sanitize($restriction['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['data'])) { $restriction_value = $this->sanitize($restriction['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $restrictions_parent[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } } elseif ($restrictions = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_ITUNES, 'block')) { foreach ($restrictions as $restriction) { $restriction_relationship = Restriction::RELATIONSHIP_ALLOW; $restriction_type = null; $restriction_value = 'itunes'; if (isset($restriction['data']) && strtolower($restriction['data']) === 'yes') { $restriction_relationship = Restriction::RELATIONSHIP_DENY; } $restrictions_parent[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } } if (count($restrictions_parent) > 0) { $restrictions_parent = array_values(array_unique($restrictions_parent)); } else { $restrictions_parent = [new \SimplePie\Restriction(Restriction::RELATIONSHIP_ALLOW, null, 'default')]; } // THUMBNAILS if ($thumbnails = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'thumbnail')) { foreach ($thumbnails as $thumbnail) { if (isset($thumbnail['attribs']['']['url'])) { $thumbnails_parent[] = $this->sanitize($thumbnail['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($thumbnail)); } } } elseif ($thumbnails = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'thumbnail')) { foreach ($thumbnails as $thumbnail) { if (isset($thumbnail['attribs']['']['url'])) { $thumbnails_parent[] = $this->sanitize($thumbnail['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($thumbnail)); } } } // TITLES if ($title_parent = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'title')) { if (isset($title_parent[0]['data'])) { $title_parent = $this->sanitize($title_parent[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } } elseif ($title_parent = $parent->get_channel_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'title')) { if (isset($title_parent[0]['data'])) { $title_parent = $this->sanitize($title_parent[0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } } // Clear the memory unset($parent); // Attributes $bitrate = null; $channels = null; $duration = null; $expression = null; $framerate = null; $height = null; $javascript = null; $lang = null; $length = null; $medium = null; $samplingrate = null; $type = null; $url = null; $width = null; // Elements $captions = null; $categories = null; $copyrights = null; $credits = null; $description = null; $hashes = null; $keywords = null; $player = null; $ratings = null; $restrictions = null; $thumbnails = null; $title = null; // If we have media:group tags, loop through them. foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_MEDIARSS, 'group') as $group) { if (isset($group['child']) && isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['content'])) { // If we have media:content tags, loop through them. foreach ((array) $group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['content'] as $content) { if (isset($content['attribs']['']['url'])) { // Attributes $bitrate = null; $channels = null; $duration = null; $expression = null; $framerate = null; $height = null; $javascript = null; $lang = null; $length = null; $medium = null; $samplingrate = null; $type = null; $url = null; $width = null; // Elements $captions = null; $categories = null; $copyrights = null; $credits = null; $description = null; $hashes = null; $keywords = null; $player = null; $ratings = null; $restrictions = null; $thumbnails = null; $title = null; // Start checking the attributes of media:content if (isset($content['attribs']['']['bitrate'])) { $bitrate = $this->sanitize($content['attribs']['']['bitrate'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['channels'])) { $channels = $this->sanitize($content['attribs']['']['channels'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['duration'])) { $duration = $this->sanitize($content['attribs']['']['duration'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $duration = $duration_parent; } if (isset($content['attribs']['']['expression'])) { $expression = $this->sanitize($content['attribs']['']['expression'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['framerate'])) { $framerate = $this->sanitize($content['attribs']['']['framerate'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['height'])) { $height = $this->sanitize($content['attribs']['']['height'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['lang'])) { $lang = $this->sanitize($content['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['fileSize'])) { $length = intval($content['attribs']['']['fileSize']); } if (isset($content['attribs']['']['medium'])) { $medium = $this->sanitize($content['attribs']['']['medium'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['samplingrate'])) { $samplingrate = $this->sanitize($content['attribs']['']['samplingrate'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['type'])) { $type = $this->sanitize($content['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['width'])) { $width = $this->sanitize($content['attribs']['']['width'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $url = $this->sanitize($content['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($content)); // Checking the other optional media: elements. Priority: media:content, media:group, item, channel // CAPTIONS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['text'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['text'] as $caption) { $caption_type = null; $caption_lang = null; $caption_startTime = null; $caption_endTime = null; $caption_text = null; if (isset($caption['attribs']['']['type'])) { $caption_type = $this->sanitize($caption['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['lang'])) { $caption_lang = $this->sanitize($caption['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['start'])) { $caption_startTime = $this->sanitize($caption['attribs']['']['start'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['end'])) { $caption_endTime = $this->sanitize($caption['attribs']['']['end'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['data'])) { $caption_text = $this->sanitize($caption['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $captions[] = $this->registry->create(Caption::class, [$caption_type, $caption_lang, $caption_startTime, $caption_endTime, $caption_text]); } if (is_array($captions)) { $captions = array_values(array_unique($captions)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['text'])) { foreach ($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['text'] as $caption) { $caption_type = null; $caption_lang = null; $caption_startTime = null; $caption_endTime = null; $caption_text = null; if (isset($caption['attribs']['']['type'])) { $caption_type = $this->sanitize($caption['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['lang'])) { $caption_lang = $this->sanitize($caption['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['start'])) { $caption_startTime = $this->sanitize($caption['attribs']['']['start'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['end'])) { $caption_endTime = $this->sanitize($caption['attribs']['']['end'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['data'])) { $caption_text = $this->sanitize($caption['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $captions[] = $this->registry->create(Caption::class, [$caption_type, $caption_lang, $caption_startTime, $caption_endTime, $caption_text]); } if (is_array($captions)) { $captions = array_values(array_unique($captions)); } } else { $captions = $captions_parent; } // CATEGORIES if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['category'])) { foreach ((array) $content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['category'] as $category) { $term = null; $scheme = null; $label = null; if (isset($category['data'])) { $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = 'http://search.yahoo.com/mrss/category_schema'; } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } } if (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['category'])) { foreach ((array) $group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['category'] as $category) { $term = null; $scheme = null; $label = null; if (isset($category['data'])) { $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = 'http://search.yahoo.com/mrss/category_schema'; } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } } if (is_array($categories) && is_array($categories_parent)) { $categories = array_values(array_unique(array_merge($categories, $categories_parent))); } elseif (is_array($categories)) { $categories = array_values(array_unique($categories)); } elseif (is_array($categories_parent)) { $categories = array_values(array_unique($categories_parent)); } // COPYRIGHTS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'])) { $copyright_url = null; $copyright_label = null; if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['attribs']['']['url'])) { $copyright_url = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['data'])) { $copyright_label = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $copyrights = $this->registry->create(Copyright::class, [$copyright_url, $copyright_label]); } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'])) { $copyright_url = null; $copyright_label = null; if (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['attribs']['']['url'])) { $copyright_url = $this->sanitize($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['data'])) { $copyright_label = $this->sanitize($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $copyrights = $this->registry->create(Copyright::class, [$copyright_url, $copyright_label]); } else { $copyrights = $copyrights_parent; } // CREDITS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['credit'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['credit'] as $credit) { $credit_role = null; $credit_scheme = null; $credit_name = null; if (isset($credit['attribs']['']['role'])) { $credit_role = $this->sanitize($credit['attribs']['']['role'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($credit['attribs']['']['scheme'])) { $credit_scheme = $this->sanitize($credit['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $credit_scheme = 'urn:ebu'; } if (isset($credit['data'])) { $credit_name = $this->sanitize($credit['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $credits[] = $this->registry->create(Credit::class, [$credit_role, $credit_scheme, $credit_name]); } if (is_array($credits)) { $credits = array_values(array_unique($credits)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['credit'])) { foreach ($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['credit'] as $credit) { $credit_role = null; $credit_scheme = null; $credit_name = null; if (isset($credit['attribs']['']['role'])) { $credit_role = $this->sanitize($credit['attribs']['']['role'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($credit['attribs']['']['scheme'])) { $credit_scheme = $this->sanitize($credit['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $credit_scheme = 'urn:ebu'; } if (isset($credit['data'])) { $credit_name = $this->sanitize($credit['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $credits[] = $this->registry->create(Credit::class, [$credit_role, $credit_scheme, $credit_name]); } if (is_array($credits)) { $credits = array_values(array_unique($credits)); } } else { $credits = $credits_parent; } // DESCRIPTION if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['description'])) { $description = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['description'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['description'])) { $description = $this->sanitize($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['description'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $description = $description_parent; } // HASHES if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['hash'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['hash'] as $hash) { $value = null; $algo = null; if (isset($hash['data'])) { $value = $this->sanitize($hash['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($hash['attribs']['']['algo'])) { $algo = $this->sanitize($hash['attribs']['']['algo'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $algo = 'md5'; } $hashes[] = $algo.':'.$value; } if (is_array($hashes)) { $hashes = array_values(array_unique($hashes)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['hash'])) { foreach ($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['hash'] as $hash) { $value = null; $algo = null; if (isset($hash['data'])) { $value = $this->sanitize($hash['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($hash['attribs']['']['algo'])) { $algo = $this->sanitize($hash['attribs']['']['algo'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $algo = 'md5'; } $hashes[] = $algo.':'.$value; } if (is_array($hashes)) { $hashes = array_values(array_unique($hashes)); } } else { $hashes = $hashes_parent; } // KEYWORDS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'])) { if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'][0]['data'])) { $temp = explode(',', $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords[] = trim($word); } unset($temp); } if (is_array($keywords)) { $keywords = array_values(array_unique($keywords)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'])) { if (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'][0]['data'])) { $temp = explode(',', $this->sanitize($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords[] = trim($word); } unset($temp); } if (is_array($keywords)) { $keywords = array_values(array_unique($keywords)); } } else { $keywords = $keywords_parent; } // PLAYER if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'])) { $playerElem = $content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'][0]; $player = $this->sanitize($playerElem['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($playerElem)); } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'])) { $playerElem = $group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'][0]; $player = $this->sanitize($playerElem['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($playerElem)); } else { $player = $player_parent; } // RATINGS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['rating'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['rating'] as $rating) { $rating_scheme = null; $rating_value = null; if (isset($rating['attribs']['']['scheme'])) { $rating_scheme = $this->sanitize($rating['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $rating_scheme = 'urn:simple'; } if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } if (is_array($ratings)) { $ratings = array_values(array_unique($ratings)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['rating'])) { foreach ($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['rating'] as $rating) { $rating_scheme = null; $rating_value = null; if (isset($rating['attribs']['']['scheme'])) { $rating_scheme = $this->sanitize($rating['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $rating_scheme = 'urn:simple'; } if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } if (is_array($ratings)) { $ratings = array_values(array_unique($ratings)); } } else { $ratings = $ratings_parent; } // RESTRICTIONS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['restriction'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['restriction'] as $restriction) { $restriction_relationship = null; $restriction_type = null; $restriction_value = null; if (isset($restriction['attribs']['']['relationship'])) { $restriction_relationship = $this->sanitize($restriction['attribs']['']['relationship'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['attribs']['']['type'])) { $restriction_type = $this->sanitize($restriction['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['data'])) { $restriction_value = $this->sanitize($restriction['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $restrictions[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } if (is_array($restrictions)) { $restrictions = array_values(array_unique($restrictions)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['restriction'])) { foreach ($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['restriction'] as $restriction) { $restriction_relationship = null; $restriction_type = null; $restriction_value = null; if (isset($restriction['attribs']['']['relationship'])) { $restriction_relationship = $this->sanitize($restriction['attribs']['']['relationship'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['attribs']['']['type'])) { $restriction_type = $this->sanitize($restriction['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['data'])) { $restriction_value = $this->sanitize($restriction['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $restrictions[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } if (is_array($restrictions)) { $restrictions = array_values(array_unique($restrictions)); } } else { $restrictions = $restrictions_parent; } // THUMBNAILS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['thumbnail'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['thumbnail'] as $thumbnail) { $thumbnails[] = $this->sanitize($thumbnail['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($thumbnail)); } if (is_array($thumbnails)) { $thumbnails = array_values(array_unique($thumbnails)); } } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['thumbnail'])) { foreach ($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['thumbnail'] as $thumbnail) { $thumbnails[] = $this->sanitize($thumbnail['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($thumbnail)); } if (is_array($thumbnails)) { $thumbnails = array_values(array_unique($thumbnails)); } } else { $thumbnails = $thumbnails_parent; } // TITLES if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['title'])) { $title = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['title'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } elseif (isset($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['title'])) { $title = $this->sanitize($group['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['title'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $title = $title_parent; } $this->data['enclosures'][] = $this->registry->create(Enclosure::class, [$url, $type, $length, null, $bitrate, $captions, $categories, $channels, $copyrights, $credits, $description, $duration, $expression, $framerate, $hashes, $height, $keywords, $lang, $medium, $player, $ratings, $restrictions, $samplingrate, $thumbnails, $title, $width]); } } } } // If we have standalone media:content tags, loop through them. if (isset($this->data['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['content'])) { foreach ((array) $this->data['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['content'] as $content) { if (isset($content['attribs']['']['url']) || isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'])) { // Attributes $bitrate = null; $channels = null; $duration = null; $expression = null; $framerate = null; $height = null; $javascript = null; $lang = null; $length = null; $medium = null; $samplingrate = null; $type = null; $url = null; $width = null; // Elements $captions = null; $categories = null; $copyrights = null; $credits = null; $description = null; $hashes = null; $keywords = null; $player = null; $ratings = null; $restrictions = null; $thumbnails = null; $title = null; // Start checking the attributes of media:content if (isset($content['attribs']['']['bitrate'])) { $bitrate = $this->sanitize($content['attribs']['']['bitrate'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['channels'])) { $channels = $this->sanitize($content['attribs']['']['channels'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['duration'])) { $duration = $this->sanitize($content['attribs']['']['duration'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $duration = $duration_parent; } if (isset($content['attribs']['']['expression'])) { $expression = $this->sanitize($content['attribs']['']['expression'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['framerate'])) { $framerate = $this->sanitize($content['attribs']['']['framerate'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['height'])) { $height = $this->sanitize($content['attribs']['']['height'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['lang'])) { $lang = $this->sanitize($content['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['fileSize'])) { $length = intval($content['attribs']['']['fileSize']); } if (isset($content['attribs']['']['medium'])) { $medium = $this->sanitize($content['attribs']['']['medium'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['samplingrate'])) { $samplingrate = $this->sanitize($content['attribs']['']['samplingrate'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['type'])) { $type = $this->sanitize($content['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['width'])) { $width = $this->sanitize($content['attribs']['']['width'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['attribs']['']['url'])) { $url = $this->sanitize($content['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($content)); } // Checking the other optional media: elements. Priority: media:content, media:group, item, channel // CAPTIONS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['text'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['text'] as $caption) { $caption_type = null; $caption_lang = null; $caption_startTime = null; $caption_endTime = null; $caption_text = null; if (isset($caption['attribs']['']['type'])) { $caption_type = $this->sanitize($caption['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['lang'])) { $caption_lang = $this->sanitize($caption['attribs']['']['lang'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['start'])) { $caption_startTime = $this->sanitize($caption['attribs']['']['start'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['attribs']['']['end'])) { $caption_endTime = $this->sanitize($caption['attribs']['']['end'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($caption['data'])) { $caption_text = $this->sanitize($caption['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $captions[] = $this->registry->create(Caption::class, [$caption_type, $caption_lang, $caption_startTime, $caption_endTime, $caption_text]); } if (is_array($captions)) { $captions = array_values(array_unique($captions)); } } else { $captions = $captions_parent; } // CATEGORIES if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['category'])) { foreach ((array) $content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['category'] as $category) { $term = null; $scheme = null; $label = null; if (isset($category['data'])) { $term = $this->sanitize($category['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($category['attribs']['']['scheme'])) { $scheme = $this->sanitize($category['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $scheme = 'http://search.yahoo.com/mrss/category_schema'; } if (isset($category['attribs']['']['label'])) { $label = $this->sanitize($category['attribs']['']['label'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $categories[] = $this->registry->create(Category::class, [$term, $scheme, $label]); } } if (is_array($categories) && is_array($categories_parent)) { $categories = array_values(array_unique(array_merge($categories, $categories_parent))); } elseif (is_array($categories)) { $categories = array_values(array_unique($categories)); } elseif (is_array($categories_parent)) { $categories = array_values(array_unique($categories_parent)); } else { $categories = null; } // COPYRIGHTS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'])) { $copyright_url = null; $copyright_label = null; if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['attribs']['']['url'])) { $copyright_url = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['data'])) { $copyright_label = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['copyright'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $copyrights = $this->registry->create(Copyright::class, [$copyright_url, $copyright_label]); } else { $copyrights = $copyrights_parent; } // CREDITS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['credit'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['credit'] as $credit) { $credit_role = null; $credit_scheme = null; $credit_name = null; if (isset($credit['attribs']['']['role'])) { $credit_role = $this->sanitize($credit['attribs']['']['role'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($credit['attribs']['']['scheme'])) { $credit_scheme = $this->sanitize($credit['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $credit_scheme = 'urn:ebu'; } if (isset($credit['data'])) { $credit_name = $this->sanitize($credit['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $credits[] = $this->registry->create(Credit::class, [$credit_role, $credit_scheme, $credit_name]); } if (is_array($credits)) { $credits = array_values(array_unique($credits)); } } else { $credits = $credits_parent; } // DESCRIPTION if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['description'])) { $description = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['description'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $description = $description_parent; } // HASHES if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['hash'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['hash'] as $hash) { $value = null; $algo = null; if (isset($hash['data'])) { $value = $this->sanitize($hash['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($hash['attribs']['']['algo'])) { $algo = $this->sanitize($hash['attribs']['']['algo'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $algo = 'md5'; } $hashes[] = $algo.':'.$value; } if (is_array($hashes)) { $hashes = array_values(array_unique($hashes)); } } else { $hashes = $hashes_parent; } // KEYWORDS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'])) { if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'][0]['data'])) { $temp = explode(',', $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['keywords'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT)); foreach ($temp as $word) { $keywords[] = trim($word); } unset($temp); } if (is_array($keywords)) { $keywords = array_values(array_unique($keywords)); } } else { $keywords = $keywords_parent; } // PLAYER if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'])) { if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'][0]['attribs']['']['url'])) { $playerElem = $content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['player'][0]; $player = $this->sanitize($playerElem['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($playerElem)); } } else { $player = $player_parent; } // RATINGS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['rating'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['rating'] as $rating) { $rating_scheme = null; $rating_value = null; if (isset($rating['attribs']['']['scheme'])) { $rating_scheme = $this->sanitize($rating['attribs']['']['scheme'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $rating_scheme = 'urn:simple'; } if (isset($rating['data'])) { $rating_value = $this->sanitize($rating['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $ratings[] = $this->registry->create(Rating::class, [$rating_scheme, $rating_value]); } if (is_array($ratings)) { $ratings = array_values(array_unique($ratings)); } } else { $ratings = $ratings_parent; } // RESTRICTIONS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['restriction'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['restriction'] as $restriction) { $restriction_relationship = null; $restriction_type = null; $restriction_value = null; if (isset($restriction['attribs']['']['relationship'])) { $restriction_relationship = $this->sanitize($restriction['attribs']['']['relationship'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['attribs']['']['type'])) { $restriction_type = $this->sanitize($restriction['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($restriction['data'])) { $restriction_value = $this->sanitize($restriction['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } $restrictions[] = $this->registry->create(Restriction::class, [$restriction_relationship, $restriction_type, $restriction_value]); } if (is_array($restrictions)) { $restrictions = array_values(array_unique($restrictions)); } } else { $restrictions = $restrictions_parent; } // THUMBNAILS if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['thumbnail'])) { foreach ($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['thumbnail'] as $thumbnail) { if (isset($thumbnail['attribs']['']['url'])) { $thumbnails[] = $this->sanitize($thumbnail['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($thumbnail)); } } if (is_array($thumbnails)) { $thumbnails = array_values(array_unique($thumbnails)); } } else { $thumbnails = $thumbnails_parent; } // TITLES if (isset($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['title'])) { $title = $this->sanitize($content['child'][\SimplePie\SimplePie::NAMESPACE_MEDIARSS]['title'][0]['data'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $title = $title_parent; } $this->data['enclosures'][] = $this->registry->create(Enclosure::class, [$url, $type, $length, null, $bitrate, $captions, $categories, $channels, $copyrights, $credits, $description, $duration, $expression, $framerate, $hashes, $height, $keywords, $lang, $medium, $player, $ratings, $restrictions, $samplingrate, $thumbnails, $title, $width]); } } } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'link') as $link) { if (isset($link['attribs']['']['href']) && !empty($link['attribs']['']['rel']) && $link['attribs']['']['rel'] === 'enclosure') { // Attributes $bitrate = null; $channels = null; $duration = null; $expression = null; $framerate = null; $height = null; $javascript = null; $lang = null; $length = null; $medium = null; $samplingrate = null; $type = null; $url = null; $width = null; $url = $this->sanitize($link['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($link)); if (isset($link['attribs']['']['type'])) { $type = $this->sanitize($link['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($link['attribs']['']['length'])) { $length = intval($link['attribs']['']['length']); } if (isset($link['attribs']['']['title'])) { $title = $this->sanitize($link['attribs']['']['title'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } else { $title = $title_parent; } // Since we don't have group or content for these, we'll just pass the '*_parent' variables directly to the constructor $this->data['enclosures'][] = $this->registry->create(Enclosure::class, [$url, $type, $length, null, $bitrate, $captions_parent, $categories_parent, $channels, $copyrights_parent, $credits_parent, $description_parent, $duration_parent, $expression, $framerate, $hashes_parent, $height, $keywords_parent, $lang, $medium, $player_parent, $ratings_parent, $restrictions_parent, $samplingrate, $thumbnails_parent, $title, $width]); } } foreach ((array) $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_03, 'link') as $link) { if (isset($link['attribs']['']['href']) && !empty($link['attribs']['']['rel']) && $link['attribs']['']['rel'] === 'enclosure') { // Attributes $bitrate = null; $channels = null; $duration = null; $expression = null; $framerate = null; $height = null; $javascript = null; $lang = null; $length = null; $medium = null; $samplingrate = null; $type = null; $url = null; $width = null; $url = $this->sanitize($link['attribs']['']['href'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($link)); if (isset($link['attribs']['']['type'])) { $type = $this->sanitize($link['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($link['attribs']['']['length'])) { $length = intval($link['attribs']['']['length']); } // Since we don't have group or content for these, we'll just pass the '*_parent' variables directly to the constructor $this->data['enclosures'][] = $this->registry->create(Enclosure::class, [$url, $type, $length, null, $bitrate, $captions_parent, $categories_parent, $channels, $copyrights_parent, $credits_parent, $description_parent, $duration_parent, $expression, $framerate, $hashes_parent, $height, $keywords_parent, $lang, $medium, $player_parent, $ratings_parent, $restrictions_parent, $samplingrate, $thumbnails_parent, $title_parent, $width]); } } foreach ($this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_RSS_20, 'enclosure') ?? [] as $enclosure) { if (isset($enclosure['attribs']['']['url'])) { // Attributes $bitrate = null; $channels = null; $duration = null; $expression = null; $framerate = null; $height = null; $javascript = null; $lang = null; $length = null; $medium = null; $samplingrate = null; $type = null; $url = null; $width = null; $url = $this->sanitize($enclosure['attribs']['']['url'], \SimplePie\SimplePie::CONSTRUCT_IRI, $this->get_own_base($enclosure)); $url = $this->get_sanitize()->https_url($url); if (isset($enclosure['attribs']['']['type'])) { $type = $this->sanitize($enclosure['attribs']['']['type'], \SimplePie\SimplePie::CONSTRUCT_TEXT); } if (isset($enclosure['attribs']['']['length'])) { $length = intval($enclosure['attribs']['']['length']); } // Since we don't have group or content for these, we'll just pass the '*_parent' variables directly to the constructor $this->data['enclosures'][] = $this->registry->create(Enclosure::class, [$url, $type, $length, null, $bitrate, $captions_parent, $categories_parent, $channels, $copyrights_parent, $credits_parent, $description_parent, $duration_parent, $expression, $framerate, $hashes_parent, $height, $keywords_parent, $lang, $medium, $player_parent, $ratings_parent, $restrictions_parent, $samplingrate, $thumbnails_parent, $title_parent, $width]); } } if (count($this->data['enclosures']) === 0 && ($url || $type || $length || $bitrate || $captions_parent || $categories_parent || $channels || $copyrights_parent || $credits_parent || $description_parent || $duration_parent || $expression || $framerate || $hashes_parent || $height || $keywords_parent || $lang || $medium || $player_parent || $ratings_parent || $samplingrate || $thumbnails_parent || $title_parent || $width)) { // Since we don't have group or content for these, we'll just pass the '*_parent' variables directly to the constructor $this->data['enclosures'][] = $this->registry->create(Enclosure::class, [$url, $type, $length, null, $bitrate, $captions_parent, $categories_parent, $channels, $copyrights_parent, $credits_parent, $description_parent, $duration_parent, $expression, $framerate, $hashes_parent, $height, $keywords_parent, $lang, $medium, $player_parent, $ratings_parent, $restrictions_parent, $samplingrate, $thumbnails_parent, $title_parent, $width]); } $this->data['enclosures'] = array_values(array_unique($this->data['enclosures'])); } if (!empty($this->data['enclosures'])) { return $this->data['enclosures']; } return null; } /** * Get the latitude coordinates for the item * * Compatible with the W3C WGS84 Basic Geo and GeoRSS specifications * * Uses `<geo:lat>` or `<georss:point>` * * @since 1.0 * @link http://www.w3.org/2003/01/geo/ W3C WGS84 Basic Geo * @link http://www.georss.org/ GeoRSS * @return float|null */ public function get_latitude() { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_W3C_BASIC_GEO, 'lat')) { return (float) $return[0]['data']; } elseif (($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_GEORSS, 'point')) && preg_match('/^((?:-)?[0-9]+(?:\.[0-9]+)) ((?:-)?[0-9]+(?:\.[0-9]+))$/', trim($return[0]['data']), $match)) { return (float) $match[1]; } return null; } /** * Get the longitude coordinates for the item * * Compatible with the W3C WGS84 Basic Geo and GeoRSS specifications * * Uses `<geo:long>`, `<geo:lon>` or `<georss:point>` * * @since 1.0 * @link http://www.w3.org/2003/01/geo/ W3C WGS84 Basic Geo * @link http://www.georss.org/ GeoRSS * @return float|null */ public function get_longitude() { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_W3C_BASIC_GEO, 'long')) { return (float) $return[0]['data']; } elseif ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_W3C_BASIC_GEO, 'lon')) { return (float) $return[0]['data']; } elseif (($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_GEORSS, 'point')) && preg_match('/^((?:-)?[0-9]+(?:\.[0-9]+)) ((?:-)?[0-9]+(?:\.[0-9]+))$/', trim($return[0]['data']), $match)) { return (float) $match[2]; } return null; } /** * Get the `<atom:source>` for the item * * @since 1.1 * @return \SimplePie\Source|null */ public function get_source() { if ($return = $this->get_item_tags(\SimplePie\SimplePie::NAMESPACE_ATOM_10, 'source')) { return $this->registry->create(Source::class, [$this, $return[0]]); } return null; } public function set_sanitize(Sanitize $sanitize): void { $this->sanitize = $sanitize; } protected function get_sanitize(): Sanitize { if ($this->sanitize === null) { $this->sanitize = new Sanitize(); } return $this->sanitize; } } class_alias('SimplePie\Item', 'SimplePie_Item'); HTTP/cache-20260605065428.php 0000666 00000032256 15226703613 0010513 0 ustar 00 <?php /** * Object Cache API * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ /** WP_Object_Cache class */ require_once ABSPATH . WPINC . '/class-wp-object-cache.php'; /** * Sets up Object Cache Global and assigns it. * * @since 2.0.0 * * @global WP_Object_Cache $wp_object_cache */ function wp_cache_init() { $GLOBALS['wp_object_cache'] = new WP_Object_Cache(); } /** * Adds data to the cache, if the cache key doesn't already exist. * * @since 2.0.0 * * @see WP_Object_Cache::add() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The data to add to the cache. * @param string $group Optional. The group to add the cache to. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When the cache data should expire, in seconds. * Default 0 (no expiration). * @return bool True on success, false if cache key and group already exist. */ function wp_cache_add( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add( $key, $data, $group, (int) $expire ); } /** * Adds multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::add_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add_multiple( $data, $group, (int) $expire ); } /** * Replaces the contents of the cache with new data. * * @since 2.0.0 * * @see WP_Object_Cache::replace() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache data that should be replaced. * @param mixed $data The new data to store in the cache. * @param string $group Optional. The group for the cache data that should be replaced. * Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True if contents were replaced, false if original value does not exist. */ function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->replace( $key, $data, $group, (int) $expire ); } /** * Saves the data to the cache. * * Differs from wp_cache_add() and wp_cache_replace() in that it will always write data. * * @since 2.0.0 * * @see WP_Object_Cache::set() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The contents to store in the cache. * @param string $group Optional. Where to group the cache contents. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set( $key, $data, $group, (int) $expire ); } /** * Sets multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::set_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set_multiple( $data, $group, (int) $expire ); } /** * Retrieves the cache contents from the cache by key and group. * * @since 2.0.0 * * @see WP_Object_Cache::get() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @param bool|null $found Optional. Whether the key was found in the cache (passed by reference). * Disambiguates a return of false, a storable value. Default null. * @return mixed|false The cache contents on success, false on failure to retrieve contents. */ function wp_cache_get( $key, $group = '', $force = false, &$found = null ) { global $wp_object_cache; return $wp_object_cache->get( $key, $group, $force, $found ); } /** * Retrieves multiple values from the cache in one call. * * @since 5.5.0 * * @see WP_Object_Cache::get_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { global $wp_object_cache; return $wp_object_cache->get_multiple( $keys, $group, $force ); } /** * Removes the cache contents matching key and group. * * @since 2.0.0 * * @see WP_Object_Cache::delete() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key What the contents in the cache are called. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool True on successful removal, false on failure. */ function wp_cache_delete( $key, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete( $key, $group ); } /** * Deletes multiple values from the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::delete_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete_multiple( $keys, $group ); } /** * Increments numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::incr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_incr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->incr( $key, $offset, $group ); } /** * Decrements numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::decr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to decrement. * @param int $offset Optional. The amount by which to decrement the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_decr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->decr( $key, $offset, $group ); } /** * Removes all cache items. * * @since 2.0.0 * * @see WP_Object_Cache::flush() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @return bool True on success, false on failure. */ function wp_cache_flush() { global $wp_object_cache; return $wp_object_cache->flush(); } /** * Removes all cache items from the in-memory runtime cache. * * @since 6.0.0 * * @see WP_Object_Cache::flush() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { return wp_cache_flush(); } /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; return $wp_object_cache->flush_group( $group ); } /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { switch ( $feature ) { case 'add_multiple': case 'set_multiple': case 'get_multiple': case 'delete_multiple': case 'flush_runtime': case 'flush_group': return true; default: return false; } } /** * Closes the cache. * * This function has ceased to do anything since WordPress 2.5. The * functionality was removed along with the rest of the persistent cache. * * This does not mean that plugins can't implement this function when they need * to make sure that the cache is cleaned up after WordPress no longer needs it. * * @since 2.0.0 * * @return true Always returns true. */ function wp_cache_close() { return true; } /** * Adds a group or set of groups to the list of global groups. * * @since 2.6.0 * * @see WP_Object_Cache::add_global_groups() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_global_groups( $groups ) { global $wp_object_cache; $wp_object_cache->add_global_groups( $groups ); } /** * Adds a group or set of groups to the list of non-persistent groups. * * @since 2.6.0 * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_non_persistent_groups( $groups ) { // Default cache doesn't persist so nothing to do here. } /** * Switches the internal blog ID. * * This changes the blog id used to create keys in blog specific groups. * * @since 3.5.0 * * @see WP_Object_Cache::switch_to_blog() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int $blog_id Site ID. */ function wp_cache_switch_to_blog( $blog_id ) { global $wp_object_cache; $wp_object_cache->switch_to_blog( $blog_id ); } /** * Resets internal cache keys and structures. * * If the cache back end uses global blog or site IDs as part of its cache keys, * this function instructs the back end to reset those keys and perform any cleanup * since blog or site IDs have changed since cache init. * * This function is deprecated. Use wp_cache_switch_to_blog() instead of this * function when preparing the cache for a blog switch. For clearing the cache * during unit tests, consider using wp_cache_init(). wp_cache_init() is not * recommended outside of unit tests as the performance penalty for using it is high. * * @since 3.0.0 * @deprecated 3.5.0 Use wp_cache_switch_to_blog() * @see WP_Object_Cache::reset() * * @global WP_Object_Cache $wp_object_cache Object cache global instance. */ function wp_cache_reset() { _deprecated_function( __FUNCTION__, '3.5.0', 'wp_cache_switch_to_blog()' ); global $wp_object_cache; $wp_object_cache->reset(); } HTTP/class-wp-oembed-controller-20260605063657.php 0000666 00000015371 15226703613 0014614 0 ustar 00 <?php /** * WP_oEmbed_Controller class, used to provide an oEmbed endpoint. * * @package WordPress * @subpackage Embeds * @since 4.4.0 */ /** * oEmbed API endpoint controller. * * Registers the REST API route and delivers the response data. * The output format (XML or JSON) is handled by the REST API. * * @since 4.4.0 */ #[AllowDynamicProperties] final class WP_oEmbed_Controller { /** * Register the oEmbed REST API route. * * @since 4.4.0 */ public function register_routes() { /** * Filters the maxwidth oEmbed parameter. * * @since 4.4.0 * * @param int $maxwidth Maximum allowed width. Default 600. */ $maxwidth = apply_filters( 'oembed_default_width', 600 ); register_rest_route( 'oembed/1.0', '/embed', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => '__return_true', 'args' => array( 'url' => array( 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), 'required' => true, 'type' => 'string', 'format' => 'uri', ), 'format' => array( 'default' => 'json', 'sanitize_callback' => 'wp_oembed_ensure_format', ), 'maxwidth' => array( 'default' => $maxwidth, 'sanitize_callback' => 'absint', ), ), ), ) ); register_rest_route( 'oembed/1.0', '/proxy', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_proxy_item' ), 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ), 'args' => array( 'url' => array( 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), 'required' => true, 'type' => 'string', 'format' => 'uri', ), 'format' => array( 'description' => __( 'The oEmbed format to use.' ), 'type' => 'string', 'default' => 'json', 'enum' => array( 'json', 'xml', ), ), 'maxwidth' => array( 'description' => __( 'The maximum width of the embed frame in pixels.' ), 'type' => 'integer', 'default' => $maxwidth, 'sanitize_callback' => 'absint', ), 'maxheight' => array( 'description' => __( 'The maximum height of the embed frame in pixels.' ), 'type' => 'integer', 'sanitize_callback' => 'absint', ), 'discover' => array( 'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ), 'type' => 'boolean', 'default' => true, ), ), ), ) ); } /** * Callback for the embed API endpoint. * * Returns the JSON object for the post. * * @since 4.4.0 * * @param WP_REST_Request $request Full data about the request. * @return array|WP_Error oEmbed response data or WP_Error on failure. */ public function get_item( $request ) { $post_id = url_to_postid( $request['url'] ); /** * Filters the determined post ID. * * @since 4.4.0 * * @param int $post_id The post ID. * @param string $url The requested URL. */ $post_id = apply_filters( 'oembed_request_post_id', $post_id, $request['url'] ); $data = get_oembed_response_data( $post_id, $request['maxwidth'] ); if ( ! $data ) { return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); } return $data; } /** * Checks if current user can make a proxy oEmbed request. * * @since 4.8.0 * * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_proxy_item_permissions_check() { if ( ! current_user_can( 'edit_posts' ) ) { return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Callback for the proxy API endpoint. * * Returns the JSON object for the proxied item. * * @since 4.8.0 * * @see WP_oEmbed::get_html() * @global WP_Embed $wp_embed WordPress Embed object. * @global WP_Scripts $wp_scripts * * @param WP_REST_Request $request Full data about the request. * @return object|WP_Error oEmbed response data or WP_Error on failure. */ public function get_proxy_item( $request ) { global $wp_embed, $wp_scripts; $args = $request->get_params(); // Serve oEmbed data from cache if set. unset( $args['_wpnonce'] ); $cache_key = 'oembed_' . md5( serialize( $args ) ); $data = get_transient( $cache_key ); if ( ! empty( $data ) ) { return $data; } $url = $request['url']; unset( $args['url'] ); // Copy maxwidth/maxheight to width/height since WP_oEmbed::fetch() uses these arg names. if ( isset( $args['maxwidth'] ) ) { $args['width'] = $args['maxwidth']; } if ( isset( $args['maxheight'] ) ) { $args['height'] = $args['maxheight']; } // Short-circuit process for URLs belonging to the current site. $data = get_oembed_response_data_for_url( $url, $args ); if ( $data ) { return $data; } $data = _wp_oembed_get_object()->get_data( $url, $args ); if ( false === $data ) { // Try using a classic embed, instead. /* @var WP_Embed $wp_embed */ $html = $wp_embed->get_embed_handler_html( $args, $url ); if ( $html ) { // Check if any scripts were enqueued by the shortcode, and include them in the response. $enqueued_scripts = array(); foreach ( $wp_scripts->queue as $script ) { $enqueued_scripts[] = $wp_scripts->registered[ $script ]->src; } return (object) array( 'provider_name' => __( 'Embed Handler' ), 'html' => $html, 'scripts' => $enqueued_scripts, ); } return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); } /** This filter is documented in wp-includes/class-wp-oembed.php */ $data->html = apply_filters( 'oembed_result', _wp_oembed_get_object()->data2html( (object) $data, $url ), $url, $args ); /** * Filters the oEmbed TTL value (time to live). * * Similar to the {@see 'oembed_ttl'} filter, but for the REST API * oEmbed proxy endpoint. * * @since 4.8.0 * * @param int $time Time to live (in seconds). * @param string $url The attempted embed URL. * @param array $args An array of embed request arguments. */ $ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args ); set_transient( $cache_key, $data, $ttl ); return $data; } } HTTP/https-detection-20260606052845-20260609153821.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606074142-20260608092454.php 0000666 00000011205 15226703613 0014157 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/block-editor.php 0000666 00000071142 15226703613 0010430 0 ustar 00 <?php /** * Block Editor API. * * @package WordPress * @subpackage Editor * @since 5.8.0 */ /** * Returns the list of default categories for block types. * * @since 5.8.0 * @since 6.3.0 Reusable Blocks renamed to Patterns. * * @return array[] Array of categories for block types. */ function get_default_block_categories() { return array( array( 'slug' => 'text', 'title' => _x( 'Text', 'block category' ), 'icon' => null, ), array( 'slug' => 'media', 'title' => _x( 'Media', 'block category' ), 'icon' => null, ), array( 'slug' => 'design', 'title' => _x( 'Design', 'block category' ), 'icon' => null, ), array( 'slug' => 'widgets', 'title' => _x( 'Widgets', 'block category' ), 'icon' => null, ), array( 'slug' => 'theme', 'title' => _x( 'Theme', 'block category' ), 'icon' => null, ), array( 'slug' => 'embed', 'title' => _x( 'Embeds', 'block category' ), 'icon' => null, ), array( 'slug' => 'reusable', 'title' => _x( 'Patterns', 'block category' ), 'icon' => null, ), ); } /** * Returns all the categories for block types that will be shown in the block editor. * * @since 5.0.0 * @since 5.8.0 It is possible to pass the block editor context as param. * * @param WP_Post|WP_Block_Editor_Context $post_or_block_editor_context The current post object or * the block editor context. * * @return array[] Array of categories for block types. */ function get_block_categories( $post_or_block_editor_context ) { $block_categories = get_default_block_categories(); $block_editor_context = $post_or_block_editor_context instanceof WP_Post ? new WP_Block_Editor_Context( array( 'post' => $post_or_block_editor_context, ) ) : $post_or_block_editor_context; /** * Filters the default array of categories for block types. * * @since 5.8.0 * * @param array[] $block_categories Array of categories for block types. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $block_categories = apply_filters( 'block_categories_all', $block_categories, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the default array of categories for block types. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_categories_all'} filter instead. * * @param array[] $block_categories Array of categories for block types. * @param WP_Post $post Post being loaded. */ $block_categories = apply_filters_deprecated( 'block_categories', array( $block_categories, $post ), '5.8.0', 'block_categories_all' ); } return $block_categories; } /** * Gets the list of allowed block types to use in the block editor. * * @since 5.8.0 * * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return bool|string[] Array of block type slugs, or boolean to enable/disable all. */ function get_allowed_block_types( $block_editor_context ) { $allowed_block_types = true; /** * Filters the allowed block types for all editor types. * * @since 5.8.0 * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported). * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $allowed_block_types = apply_filters( 'allowed_block_types_all', $allowed_block_types, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the allowed block types for the editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'allowed_block_types_all'} filter instead. * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported) * @param WP_Post $post The post resource data. */ $allowed_block_types = apply_filters_deprecated( 'allowed_block_types', array( $allowed_block_types, $post ), '5.8.0', 'allowed_block_types_all' ); } return $allowed_block_types; } /** * Returns the default block editor settings. * * @since 5.8.0 * * @return array The default block editor settings. */ function get_default_block_editor_settings() { // Media settings. // wp_max_upload_size() can be expensive, so only call it when relevant for the current user. $max_upload_size = 0; if ( current_user_can( 'upload_files' ) ) { $max_upload_size = wp_max_upload_size(); if ( ! $max_upload_size ) { $max_upload_size = 0; } } /** This filter is documented in wp-admin/includes/media.php */ $image_size_names = apply_filters( 'image_size_names_choose', array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ) ); $available_image_sizes = array(); foreach ( $image_size_names as $image_size_slug => $image_size_name ) { $available_image_sizes[] = array( 'slug' => $image_size_slug, 'name' => $image_size_name, ); } $default_size = get_option( 'image_default_size', 'large' ); $image_default_size = in_array( $default_size, array_keys( $image_size_names ), true ) ? $default_size : 'large'; $image_dimensions = array(); $all_sizes = wp_get_registered_image_subsizes(); foreach ( $available_image_sizes as $size ) { $key = $size['slug']; if ( isset( $all_sizes[ $key ] ) ) { $image_dimensions[ $key ] = $all_sizes[ $key ]; } } // These styles are used if the "no theme styles" options is triggered or on // themes without their own editor styles. $default_editor_styles_file = ABSPATH . WPINC . '/css/dist/block-editor/default-editor-styles.css'; static $default_editor_styles_file_contents = false; if ( ! $default_editor_styles_file_contents && file_exists( $default_editor_styles_file ) ) { $default_editor_styles_file_contents = file_get_contents( $default_editor_styles_file ); } $default_editor_styles = array(); if ( $default_editor_styles_file_contents ) { $default_editor_styles = array( array( 'css' => $default_editor_styles_file_contents ), ); } $editor_settings = array( 'alignWide' => get_theme_support( 'align-wide' ), 'allowedBlockTypes' => true, 'allowedMimeTypes' => get_allowed_mime_types(), 'defaultEditorStyles' => $default_editor_styles, 'blockCategories' => get_default_block_categories(), 'isRTL' => is_rtl(), 'imageDefaultSize' => $image_default_size, 'imageDimensions' => $image_dimensions, 'imageEditing' => true, 'imageSizes' => $available_image_sizes, 'maxUploadFileSize' => $max_upload_size, '__experimentalDashboardLink' => admin_url( '/' ), // The following flag is required to enable the new Gallery block format on the mobile apps in 5.9. '__unstableGalleryWithImageBlocks' => true, ); $theme_settings = get_classic_theme_supports_block_editor_settings(); foreach ( $theme_settings as $key => $value ) { $editor_settings[ $key ] = $value; } return $editor_settings; } /** * Returns the block editor settings needed to use the Legacy Widget block which * is not registered by default. * * @since 5.8.0 * * @return array Settings to be used with get_block_editor_settings(). */ function get_legacy_widget_block_editor_settings() { $editor_settings = array(); /** * Filters the list of widget-type IDs that should **not** be offered by the * Legacy Widget block. * * Returning an empty array will make all widgets available. * * @since 5.8.0 * * @param string[] $widgets An array of excluded widget-type IDs. */ $editor_settings['widgetTypesToHideFromLegacyWidgetBlock'] = apply_filters( 'widget_types_to_hide_from_legacy_widget_block', array( 'pages', 'calendar', 'archives', 'media_audio', 'media_image', 'media_gallery', 'media_video', 'search', 'text', 'categories', 'recent-posts', 'recent-comments', 'rss', 'tag_cloud', 'custom_html', 'block', ) ); return $editor_settings; } /** * Collect the block editor assets that need to be loaded into the editor's iframe. * * @since 6.0.0 * @access private * * @global WP_Styles $wp_styles The WP_Styles current instance. * @global WP_Scripts $wp_scripts The WP_Scripts current instance. * * @return array { * The block editor assets. * * @type string|false $styles String containing the HTML for styles. * @type string|false $scripts String containing the HTML for scripts. * } */ function _wp_get_iframed_editor_assets() { global $wp_styles, $wp_scripts; // Keep track of the styles and scripts instance to restore later. $current_wp_styles = $wp_styles; $current_wp_scripts = $wp_scripts; // Create new instances to collect the assets. $wp_styles = new WP_Styles(); $wp_scripts = new WP_Scripts(); /* * Register all currently registered styles and scripts. The actions that * follow enqueue assets, but don't necessarily register them. */ $wp_styles->registered = $current_wp_styles->registered; $wp_scripts->registered = $current_wp_scripts->registered; /* * We generally do not need reset styles for the iframed editor. * However, if it's a classic theme, margins will be added to every block, * which is reset specifically for list items, so classic themes rely on * these reset styles. */ $wp_styles->done = wp_theme_has_theme_json() ? array( 'wp-reset-editor-styles' ) : array(); wp_enqueue_script( 'wp-polyfill' ); // Enqueue the `editorStyle` handles for all core block, and dependencies. wp_enqueue_style( 'wp-edit-blocks' ); if ( current_theme_supports( 'wp-block-styles' ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /* * We don't want to load EDITOR scripts in the iframe, only enqueue * front-end assets for the content. */ add_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); do_action( 'enqueue_block_assets' ); remove_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Additionally, do enqueue `editorStyle` assets for all blocks, which * contains editor-only styling for blocks (editor content). */ foreach ( $block_registry->get_all_registered() as $block_type ) { if ( isset( $block_type->editor_style_handles ) && is_array( $block_type->editor_style_handles ) ) { foreach ( $block_type->editor_style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } } } /** * Remove the deprecated `print_emoji_styles` handler. * It avoids breaking style generation with a deprecation message. */ $has_emoji_styles = has_action( 'wp_print_styles', 'print_emoji_styles' ); if ( $has_emoji_styles ) { remove_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_styles(); wp_print_font_faces(); wp_print_font_faces_from_style_variations(); $styles = ob_get_clean(); if ( $has_emoji_styles ) { add_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_head_scripts(); wp_print_footer_scripts(); $scripts = ob_get_clean(); // Restore the original instances. $wp_styles = $current_wp_styles; $wp_scripts = $current_wp_scripts; return array( 'styles' => $styles, 'scripts' => $scripts, ); } /** * Finds the first occurrence of a specific block in an array of blocks. * * @since 6.3.0 * * @param array $blocks Array of blocks. * @param string $block_name Name of the block to find. * @return array Found block, or empty array if none found. */ function wp_get_first_block( $blocks, $block_name ) { foreach ( $blocks as $block ) { if ( $block_name === $block['blockName'] ) { return $block; } if ( ! empty( $block['innerBlocks'] ) ) { $found_block = wp_get_first_block( $block['innerBlocks'], $block_name ); if ( ! empty( $found_block ) ) { return $found_block; } } } return array(); } /** * Retrieves Post Content block attributes from the current post template. * * @since 6.3.0 * @since 6.4.0 Return null if there is no post content block. * @access private * * @global int $post_ID * * @return array|null Post Content block attributes array or null if Post Content block doesn't exist. */ function wp_get_post_content_block_attributes() { global $post_ID; $is_block_theme = wp_is_block_theme(); if ( ! $is_block_theme || ! $post_ID ) { return null; } $template_slug = get_page_template_slug( $post_ID ); if ( ! $template_slug ) { $post_slug = 'singular'; $page_slug = 'singular'; $template_types = get_block_templates(); foreach ( $template_types as $template_type ) { if ( 'page' === $template_type->slug ) { $page_slug = 'page'; } if ( 'single' === $template_type->slug ) { $post_slug = 'single'; } } $what_post_type = get_post_type( $post_ID ); switch ( $what_post_type ) { case 'page': $template_slug = $page_slug; break; default: $template_slug = $post_slug; break; } } $current_template = get_block_templates( array( 'slug__in' => array( $template_slug ) ) ); if ( ! empty( $current_template ) ) { $template_blocks = parse_blocks( $current_template[0]->content ); $post_content_block = wp_get_first_block( $template_blocks, 'core/post-content' ); if ( isset( $post_content_block['attrs'] ) ) { return $post_content_block['attrs']; } } return null; } /** * Returns the contextualized block editor settings for a selected editor context. * * @since 5.8.0 * * @param array $custom_settings Custom settings to use with the given editor type. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return array The contextualized block editor settings. */ function get_block_editor_settings( array $custom_settings, $block_editor_context ) { $editor_settings = array_merge( get_default_block_editor_settings(), array( 'allowedBlockTypes' => get_allowed_block_types( $block_editor_context ), 'blockCategories' => get_block_categories( $block_editor_context ), ), $custom_settings ); $editor_settings['__experimentalBlockBindingsSupportedAttributes'] = array(); foreach ( array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() ) as $block_type ) { $supported_block_attributes = get_block_bindings_supported_attributes( $block_type ); if ( ! empty( $supported_block_attributes ) ) { $editor_settings['__experimentalBlockBindingsSupportedAttributes'][ $block_type ] = $supported_block_attributes; } } $global_styles = array(); $presets = array( array( 'css' => 'variables', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), array( 'css' => 'presets', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), ); foreach ( $presets as $preset_style ) { $actual_css = wp_get_global_stylesheet( array( $preset_style['css'] ) ); if ( '' !== $actual_css ) { $preset_style['css'] = $actual_css; $global_styles[] = $preset_style; } } if ( wp_theme_has_theme_json() ) { $block_classes = array( 'css' => 'styles', '__unstableType' => 'theme', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } /* * Add the custom CSS as a separate stylesheet so any invalid CSS * entered by users does not break other global styles. */ $global_styles[] = array( 'css' => wp_get_global_stylesheet( array( 'custom-css' ) ), '__unstableType' => 'user', 'isGlobalStyles' => true, ); } else { // If there is no `theme.json` file, ensure base layout styles are still available. $block_classes = array( 'css' => 'base-layout-styles', '__unstableType' => 'base-layout', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } } $editor_settings['styles'] = array_merge( $global_styles, get_block_editor_theme_styles() ); $editor_settings['__experimentalFeatures'] = wp_get_global_settings(); // These settings may need to be updated based on data coming from theme.json sources. if ( isset( $editor_settings['__experimentalFeatures']['color']['palette'] ) ) { $colors_by_origin = $editor_settings['__experimentalFeatures']['color']['palette']; $editor_settings['colors'] = isset( $colors_by_origin['custom'] ) ? $colors_by_origin['custom'] : ( isset( $colors_by_origin['theme'] ) ? $colors_by_origin['theme'] : $colors_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['gradients'] ) ) { $gradients_by_origin = $editor_settings['__experimentalFeatures']['color']['gradients']; $editor_settings['gradients'] = isset( $gradients_by_origin['custom'] ) ? $gradients_by_origin['custom'] : ( isset( $gradients_by_origin['theme'] ) ? $gradients_by_origin['theme'] : $gradients_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['fontSizes'] ) ) { $font_sizes_by_origin = $editor_settings['__experimentalFeatures']['typography']['fontSizes']; $editor_settings['fontSizes'] = isset( $font_sizes_by_origin['custom'] ) ? $font_sizes_by_origin['custom'] : ( isset( $font_sizes_by_origin['theme'] ) ? $font_sizes_by_origin['theme'] : $font_sizes_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['custom'] ) ) { $editor_settings['disableCustomColors'] = ! $editor_settings['__experimentalFeatures']['color']['custom']; unset( $editor_settings['__experimentalFeatures']['color']['custom'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ) ) { $editor_settings['disableCustomGradients'] = ! $editor_settings['__experimentalFeatures']['color']['customGradient']; unset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ) ) { $editor_settings['disableCustomFontSizes'] = ! $editor_settings['__experimentalFeatures']['typography']['customFontSize']; unset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ) ) { $editor_settings['enableCustomLineHeight'] = $editor_settings['__experimentalFeatures']['typography']['lineHeight']; unset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['units'] ) ) { $editor_settings['enableCustomUnits'] = $editor_settings['__experimentalFeatures']['spacing']['units']; unset( $editor_settings['__experimentalFeatures']['spacing']['units'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ) ) { $editor_settings['enableCustomSpacing'] = $editor_settings['__experimentalFeatures']['spacing']['padding']; unset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ) ) { $editor_settings['disableCustomSpacingSizes'] = ! $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize']; unset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['spacingSizes'] ) ) { $spacing_sizes_by_origin = $editor_settings['__experimentalFeatures']['spacing']['spacingSizes']; $editor_settings['spacingSizes'] = isset( $spacing_sizes_by_origin['custom'] ) ? $spacing_sizes_by_origin['custom'] : ( isset( $spacing_sizes_by_origin['theme'] ) ? $spacing_sizes_by_origin['theme'] : $spacing_sizes_by_origin['default'] ); } $editor_settings['__unstableResolvedAssets'] = _wp_get_iframed_editor_assets(); $editor_settings['__unstableIsBlockBasedTheme'] = wp_is_block_theme(); $editor_settings['localAutosaveInterval'] = 15; $editor_settings['disableLayoutStyles'] = current_theme_supports( 'disable-layout-styles' ); $editor_settings['__experimentalDiscussionSettings'] = array( 'commentOrder' => get_option( 'comment_order' ), 'commentsPerPage' => get_option( 'comments_per_page' ), 'defaultCommentsPage' => get_option( 'default_comments_page' ), 'pageComments' => get_option( 'page_comments' ), 'threadComments' => get_option( 'thread_comments' ), 'threadCommentsDepth' => get_option( 'thread_comments_depth' ), 'defaultCommentStatus' => get_option( 'default_comment_status' ), 'avatarURL' => get_avatar_url( '', array( 'size' => 96, 'force_default' => true, 'default' => get_option( 'avatar_default' ), ) ), ); $post_content_block_attributes = wp_get_post_content_block_attributes(); if ( isset( $post_content_block_attributes ) ) { $editor_settings['postContentAttributes'] = $post_content_block_attributes; } $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context ); /** * Filters the settings to pass to the block editor for all editor type. * * @since 5.8.0 * * @param array $editor_settings Default editor settings. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $editor_settings = apply_filters( 'block_editor_settings_all', $editor_settings, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the settings to pass to the block editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_settings_all'} filter instead. * * @param array $editor_settings Default editor settings. * @param WP_Post $post Post being edited. */ $editor_settings = apply_filters_deprecated( 'block_editor_settings', array( $editor_settings, $post ), '5.8.0', 'block_editor_settings_all' ); } return $editor_settings; } /** * Preloads common data used with the block editor by specifying an array of * REST API paths that will be preloaded for a given block editor context. * * @since 5.8.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param (string|string[])[] $preload_paths List of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ function block_editor_rest_api_preload( array $preload_paths, $block_editor_context ) { global $post, $wp_scripts, $wp_styles; /** * Filters the array of REST API paths that will be used to preloaded common data for the block editor. * * @since 5.8.0 * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $preload_paths = apply_filters( 'block_editor_rest_api_preload_paths', $preload_paths, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $selected_post = $block_editor_context->post; /** * Filters the array of paths that will be preloaded. * * Preload common data by specifying an array of REST API paths that will be preloaded. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_rest_api_preload_paths'} filter instead. * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Post $selected_post Post being edited. */ $preload_paths = apply_filters_deprecated( 'block_editor_preload_paths', array( $preload_paths, $selected_post ), '5.8.0', 'block_editor_rest_api_preload_paths' ); } if ( empty( $preload_paths ) ) { return; } /* * Ensure the global $post, $wp_scripts, and $wp_styles remain the same after * API data is preloaded. * Because API preloading can call the_content and other filters, plugins * can unexpectedly modify the global $post or enqueue assets which are not * intended for the block editor. */ $backup_global_post = ! empty( $post ) ? clone $post : $post; $backup_wp_scripts = ! empty( $wp_scripts ) ? clone $wp_scripts : $wp_scripts; $backup_wp_styles = ! empty( $wp_styles ) ? clone $wp_styles : $wp_styles; foreach ( $preload_paths as &$path ) { if ( is_string( $path ) && ! str_starts_with( $path, '/' ) ) { $path = '/' . $path; continue; } if ( is_array( $path ) && is_string( $path[0] ) && ! str_starts_with( $path[0], '/' ) ) { $path[0] = '/' . $path[0]; } } unset( $path ); $preload_data = array_reduce( $preload_paths, 'rest_preload_api_request', array() ); // Restore the global $post, $wp_scripts, and $wp_styles as they were before API preloading. $post = $backup_global_post; $wp_scripts = $backup_wp_scripts; $wp_styles = $backup_wp_styles; wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Creates an array of theme styles to load into the block editor. * * @since 5.8.0 * * @global array $editor_styles * * @return array An array of theme styles for the block editor. */ function get_block_editor_theme_styles() { global $editor_styles; $styles = array(); if ( $editor_styles && current_theme_supports( 'editor-styles' ) ) { foreach ( $editor_styles as $style ) { if ( preg_match( '~^(https?:)?//~', $style ) ) { $response = wp_remote_get( $style ); if ( ! is_wp_error( $response ) ) { $styles[] = array( 'css' => wp_remote_retrieve_body( $response ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } else { $file = get_theme_file_path( $style ); if ( is_file( $file ) ) { $styles[] = array( 'css' => file_get_contents( $file ), 'baseURL' => get_theme_file_uri( $style ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } } } return $styles; } /** * Returns the classic theme supports settings for block editor. * * @since 6.2.0 * @since 6.6.0 Add support for 'editor-spacing-sizes' theme support. * * @return array The classic theme supports settings. */ function get_classic_theme_supports_block_editor_settings() { $theme_settings = array( 'disableCustomColors' => get_theme_support( 'disable-custom-colors' ), 'disableCustomFontSizes' => get_theme_support( 'disable-custom-font-sizes' ), 'disableCustomGradients' => get_theme_support( 'disable-custom-gradients' ), 'disableLayoutStyles' => get_theme_support( 'disable-layout-styles' ), 'enableCustomLineHeight' => get_theme_support( 'custom-line-height' ), 'enableCustomSpacing' => get_theme_support( 'custom-spacing' ), 'enableCustomUnits' => get_theme_support( 'custom-units' ), ); // Theme settings. $color_palette = current( (array) get_theme_support( 'editor-color-palette' ) ); if ( false !== $color_palette ) { $theme_settings['colors'] = $color_palette; } $font_sizes = current( (array) get_theme_support( 'editor-font-sizes' ) ); if ( false !== $font_sizes ) { $theme_settings['fontSizes'] = $font_sizes; } $gradient_presets = current( (array) get_theme_support( 'editor-gradient-presets' ) ); if ( false !== $gradient_presets ) { $theme_settings['gradients'] = $gradient_presets; } $spacing_sizes = current( (array) get_theme_support( 'editor-spacing-sizes' ) ); if ( false !== $spacing_sizes ) { $theme_settings['spacingSizes'] = $spacing_sizes; } return $theme_settings; } /** * Initialize site preview. * * This function sets IFRAME_REQUEST to true if the site preview parameter is set. * * @since 6.8.0 */ function wp_initialize_site_preview_hooks() { if ( ! defined( 'IFRAME_REQUEST' ) && isset( $_GET['wp_site_preview'] ) && 1 === (int) $_GET['wp_site_preview'] && current_user_can( 'edit_theme_options' ) ) { define( 'IFRAME_REQUEST', true ); } } HTTP/https-detection-20260606030444.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605125128-20260608183506.php 0000666 00000013341 15226703613 0014146 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605170301-20260608153846.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605202835.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605141018-20260607082937.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-dependency-20260605065505.php 0000666 00000005111 15226703613 0013277 0 ustar 00 <?php /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ #[AllowDynamicProperties] class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var string */ public $handle; /** * The handle source. * * If source is set to false, the item is an alias of other items it depends on. * * @since 2.6.0 * @var string|false */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var string[] */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var string|false|null */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var mixed */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param mixed ...$args Dependency information. */ public function __construct( ...$args ) { list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = $args; if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = '' ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } HTTP/class-wp-http-encoding-20260605093858.php 0000666 00000015041 15226703613 0013743 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/Exception-20260605074834.php 0000666 00000000543 15226703613 0011401 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use Exception as NativeException; /** * General SimplePie exception class */ class Exception extends NativeException { } class_alias('SimplePie\Exception', 'SimplePie_Exception'); HTTP/https-migration-20260606071227-20260606102021.php 0000666 00000011205 15226703613 0014134 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605114012-20260606090130.php 0000666 00000013341 15226703613 0014120 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605170810.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/ClientException-20260605031323.php 0000666 00000000515 15226703613 0012521 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-detection-20260605100735-20260615121008.php 0000666 00000013341 15226703613 0014126 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605100646-20260607065035.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607110256-20260609083450.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605211138.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605091014-20260609061210.php 0000666 00000011205 15226703613 0014136 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606085143-20260608114300.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183356-20260610175430.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605090909.php 0000666 00000013341 15226703613 0012562 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/RawTextResponse.php 0000666 00000004027 15226703613 0011165 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response for rax text * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class RawTextResponse implements Response { /** * @var string */ private $raw_text; /** * @var string */ private $permanent_url; /** * @var array<non-empty-array<string>> */ private $headers = []; /** * @var string */ private $requested_url; public function __construct(string $raw_text, string $filepath) { $this->raw_text = $raw_text; $this->permanent_url = $filepath; $this->requested_url = $filepath; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return 200; } public function get_headers(): array { return $this->headers; } public function has_header(string $name): bool { return isset($this->headers[strtolower($name)]); } public function get_header(string $name): array { return isset($this->headers[strtolower($name)]) ? $this->headers[$name] : []; } public function with_header(string $name, $value) { $new = clone $this; $newHeader = [ strtolower($name) => (array) $value, ]; $new->headers = $newHeader + $this->headers; return $new; } public function get_header_line(string $name): string { return isset($this->headers[strtolower($name)]) ? implode(", ", $this->headers[$name]) : ''; } public function get_body_content(): string { return $this->raw_text; } } HTTP/https-migration-20260606072415-20260608035200.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607003752-20260608235907.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606002503-20260607011010.php 0000666 00000013341 15226703613 0014111 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260607032415.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606000629.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection.php 0000666 00000013341 15226703613 0011165 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605135219-20260608034746.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606183054-20260610075321.php 0000666 00000011205 15226703613 0014145 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605171945-20260606112816.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-proxy-20260605121204.php 0000666 00000013534 15226703613 0013314 0 ustar 00 <?php /** * HTTP API: WP_HTTP_Proxy class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement HTTP API proxy support. * * There are caveats to proxy support. It requires that defines be made in the wp-config.php file to * enable proxy support. There are also a few filters that plugins can hook into for some of the * constants. * * Please note that only BASIC authentication is supported by most transports. * cURL MAY support more methods (such as NTLM authentication) depending on your environment. * * The constants are as follows: * <ol> * <li>WP_PROXY_HOST - Enable proxy support and host for connecting.</li> * <li>WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li> * <li>WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li> * <li>WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li> * <li>WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy. * You do not need to have localhost and the site host in this list, because they will not be passed * through the proxy. The list should be presented in a comma separated list, wildcards using * are supported. Example: *.wordpress.org</li> * </ol> * * An example can be as seen below. * * define('WP_PROXY_HOST', '192.168.84.101'); * define('WP_PROXY_PORT', '8080'); * define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com, *.wordpress.org'); * * @link https://core.trac.wordpress.org/ticket/4011 Proxy support ticket in WordPress. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_PROXY_BYPASS_HOSTS * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_HTTP_Proxy { /** * Whether proxy connection should be used. * * Constants which control this behavior: * * - `WP_PROXY_HOST` * - `WP_PROXY_PORT` * * @since 2.8.0 * * @return bool */ public function is_enabled() { return defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ); } /** * Whether authentication should be used. * * Constants which control this behavior: * * - `WP_PROXY_USERNAME` * - `WP_PROXY_PASSWORD` * * @since 2.8.0 * * @return bool */ public function use_authentication() { return defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ); } /** * Retrieve the host for the proxy server. * * @since 2.8.0 * * @return string */ public function host() { if ( defined( 'WP_PROXY_HOST' ) ) { return WP_PROXY_HOST; } return ''; } /** * Retrieve the port for the proxy server. * * @since 2.8.0 * * @return string */ public function port() { if ( defined( 'WP_PROXY_PORT' ) ) { return WP_PROXY_PORT; } return ''; } /** * Retrieve the username for proxy authentication. * * @since 2.8.0 * * @return string */ public function username() { if ( defined( 'WP_PROXY_USERNAME' ) ) { return WP_PROXY_USERNAME; } return ''; } /** * Retrieve the password for proxy authentication. * * @since 2.8.0 * * @return string */ public function password() { if ( defined( 'WP_PROXY_PASSWORD' ) ) { return WP_PROXY_PASSWORD; } return ''; } /** * Retrieve authentication string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication() { return $this->username() . ':' . $this->password(); } /** * Retrieve header string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication_header() { return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() ); } /** * Determines whether the request should be sent through a proxy. * * We want to keep localhost and the site URL from being sent through the proxy, because * some proxies can not handle this. We also have the constant available for defining other * hosts that won't be sent through the proxy. * * @since 2.8.0 * * @param string $uri URL of the request. * @return bool Whether to send the request through the proxy. */ public function send_through_proxy( $uri ) { $check = parse_url( $uri ); // Malformed URL, can not process, but this could mean ssl, so let through anyway. if ( false === $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); /** * Filters whether to preempt sending the request through the proxy. * * Returning false will bypass the proxy; returning true will send * the request through the proxy. Returning null bypasses the filter. * * @since 3.5.0 * * @param bool|null $override Whether to send the request through the proxy. Default null. * @param string $uri URL of the request. * @param array $check Associative array result of parsing the request URL with `parse_url()`. * @param array $home Associative array result of parsing the site URL with `parse_url()`. */ $result = apply_filters( 'pre_http_send_through_proxy', null, $uri, $check, $home ); if ( ! is_null( $result ) ) { return $result; } if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { return false; } if ( ! defined( 'WP_PROXY_BYPASS_HOSTS' ) ) { return true; } static $bypass_hosts = null; static $wildcard_regex = array(); if ( null === $bypass_hosts ) { $bypass_hosts = preg_split( '|,\s*|', WP_PROXY_BYPASS_HOSTS ); if ( str_contains( WP_PROXY_BYPASS_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $bypass_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $bypass_hosts, true ); } } } HTTP/https-migration-20260605111908.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605101028.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605221150-20260608165309.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606074753-20260610024008.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605183333-20260607215359.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605034026-20260606111629.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605034026-20260606060333.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606074155.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605213309-20260608030539.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606154019-20260608160834.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606100517-20260607202351.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605100823-20260608050439.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/cache-20260605074617.php 0000666 00000032256 15226703613 0010513 0 ustar 00 <?php /** * Object Cache API * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ /** WP_Object_Cache class */ require_once ABSPATH . WPINC . '/class-wp-object-cache.php'; /** * Sets up Object Cache Global and assigns it. * * @since 2.0.0 * * @global WP_Object_Cache $wp_object_cache */ function wp_cache_init() { $GLOBALS['wp_object_cache'] = new WP_Object_Cache(); } /** * Adds data to the cache, if the cache key doesn't already exist. * * @since 2.0.0 * * @see WP_Object_Cache::add() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The data to add to the cache. * @param string $group Optional. The group to add the cache to. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When the cache data should expire, in seconds. * Default 0 (no expiration). * @return bool True on success, false if cache key and group already exist. */ function wp_cache_add( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add( $key, $data, $group, (int) $expire ); } /** * Adds multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::add_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add_multiple( $data, $group, (int) $expire ); } /** * Replaces the contents of the cache with new data. * * @since 2.0.0 * * @see WP_Object_Cache::replace() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache data that should be replaced. * @param mixed $data The new data to store in the cache. * @param string $group Optional. The group for the cache data that should be replaced. * Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True if contents were replaced, false if original value does not exist. */ function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->replace( $key, $data, $group, (int) $expire ); } /** * Saves the data to the cache. * * Differs from wp_cache_add() and wp_cache_replace() in that it will always write data. * * @since 2.0.0 * * @see WP_Object_Cache::set() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The contents to store in the cache. * @param string $group Optional. Where to group the cache contents. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set( $key, $data, $group, (int) $expire ); } /** * Sets multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::set_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set_multiple( $data, $group, (int) $expire ); } /** * Retrieves the cache contents from the cache by key and group. * * @since 2.0.0 * * @see WP_Object_Cache::get() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @param bool|null $found Optional. Whether the key was found in the cache (passed by reference). * Disambiguates a return of false, a storable value. Default null. * @return mixed|false The cache contents on success, false on failure to retrieve contents. */ function wp_cache_get( $key, $group = '', $force = false, &$found = null ) { global $wp_object_cache; return $wp_object_cache->get( $key, $group, $force, $found ); } /** * Retrieves multiple values from the cache in one call. * * @since 5.5.0 * * @see WP_Object_Cache::get_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { global $wp_object_cache; return $wp_object_cache->get_multiple( $keys, $group, $force ); } /** * Removes the cache contents matching key and group. * * @since 2.0.0 * * @see WP_Object_Cache::delete() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key What the contents in the cache are called. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool True on successful removal, false on failure. */ function wp_cache_delete( $key, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete( $key, $group ); } /** * Deletes multiple values from the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::delete_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete_multiple( $keys, $group ); } /** * Increments numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::incr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_incr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->incr( $key, $offset, $group ); } /** * Decrements numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::decr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to decrement. * @param int $offset Optional. The amount by which to decrement the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_decr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->decr( $key, $offset, $group ); } /** * Removes all cache items. * * @since 2.0.0 * * @see WP_Object_Cache::flush() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @return bool True on success, false on failure. */ function wp_cache_flush() { global $wp_object_cache; return $wp_object_cache->flush(); } /** * Removes all cache items from the in-memory runtime cache. * * @since 6.0.0 * * @see WP_Object_Cache::flush() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { return wp_cache_flush(); } /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; return $wp_object_cache->flush_group( $group ); } /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { switch ( $feature ) { case 'add_multiple': case 'set_multiple': case 'get_multiple': case 'delete_multiple': case 'flush_runtime': case 'flush_group': return true; default: return false; } } /** * Closes the cache. * * This function has ceased to do anything since WordPress 2.5. The * functionality was removed along with the rest of the persistent cache. * * This does not mean that plugins can't implement this function when they need * to make sure that the cache is cleaned up after WordPress no longer needs it. * * @since 2.0.0 * * @return true Always returns true. */ function wp_cache_close() { return true; } /** * Adds a group or set of groups to the list of global groups. * * @since 2.6.0 * * @see WP_Object_Cache::add_global_groups() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_global_groups( $groups ) { global $wp_object_cache; $wp_object_cache->add_global_groups( $groups ); } /** * Adds a group or set of groups to the list of non-persistent groups. * * @since 2.6.0 * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_non_persistent_groups( $groups ) { // Default cache doesn't persist so nothing to do here. } /** * Switches the internal blog ID. * * This changes the blog id used to create keys in blog specific groups. * * @since 3.5.0 * * @see WP_Object_Cache::switch_to_blog() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int $blog_id Site ID. */ function wp_cache_switch_to_blog( $blog_id ) { global $wp_object_cache; $wp_object_cache->switch_to_blog( $blog_id ); } /** * Resets internal cache keys and structures. * * If the cache back end uses global blog or site IDs as part of its cache keys, * this function instructs the back end to reset those keys and perform any cleanup * since blog or site IDs have changed since cache init. * * This function is deprecated. Use wp_cache_switch_to_blog() instead of this * function when preparing the cache for a blog switch. For clearing the cache * during unit tests, consider using wp_cache_init(). wp_cache_init() is not * recommended outside of unit tests as the performance penalty for using it is high. * * @since 3.0.0 * @deprecated 3.5.0 Use wp_cache_switch_to_blog() * @see WP_Object_Cache::reset() * * @global WP_Object_Cache $wp_object_cache Object cache global instance. */ function wp_cache_reset() { _deprecated_function( __FUNCTION__, '3.5.0', 'wp_cache_switch_to_blog()' ); global $wp_object_cache; $wp_object_cache->reset(); } HTTP/https-migration-20260605201229-20260606110508.php 0000666 00000011205 15226703613 0014141 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/FileClient-20260605041219.php 0000666 00000004333 15226703613 0011451 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use SimplePie\File; use SimplePie\Misc; use SimplePie\Registry; use Throwable; /** * HTTP Client based on \SimplePie\File * * @internal */ final class FileClient implements Client { /** @var Registry */ private $registry; /** @var array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} */ private $options; /** * @param array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} $options */ public function __construct(Registry $registry, array $options = []) { $this->registry = $registry; $this->options = $options; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { // @phpstan-ignore-next-line Enforce PHPDoc type. if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } try { $file = $this->registry->create(File::class, [ $url, $this->options['timeout'] ?? 10, $this->options['redirects'] ?? 5, $headers, $this->options['useragent'] ?? Misc::get_default_useragent(), $this->options['force_fsockopen'] ?? false, $this->options['curl_options'] ?? [] ]); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($file->error !== null && $file->get_status_code() === 0) { throw new ClientException($file->error); } return $file; } } HTTP/class-wp-oembed-20260605033526.php 0000666 00000075666 15226703613 0012440 0 ustar 00 <?php /** * API for fetching the HTML to embed remote content based on a provided URL * * Used internally by the WP_Embed class, but is designed to be generic. * * @link https://developer.wordpress.org/advanced-administration/wordpress/oembed/ * @link http://oembed.com/ * * @package WordPress * @subpackage oEmbed */ /** * Core class used to implement oEmbed functionality. * * @since 2.9.0 */ #[AllowDynamicProperties] class WP_oEmbed { /** * A list of oEmbed providers. * * @since 2.9.0 * @var array */ public $providers = array(); /** * A list of an early oEmbed providers. * * @since 4.0.0 * @var array */ public static $early_providers = array(); /** * A list of private/protected methods, used for backward compatibility. * * @since 4.2.0 * @var array */ private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); /** * Constructor. * * @since 2.9.0 */ public function __construct() { $host = urlencode( home_url() ); $providers = array( '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/shorts/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/live/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), '#https?://(.+\.)?crowdsignal\.net/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://app.mixcloud.com/oembed/', true ), '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), '#https?://(.+)\.tumblr\.com/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://(www\.)?tiktok\.com/.*/video/.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://(www\.)?tiktok\.com/@.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://([a-z]{2}|www)\.pinterest\.com(\.(au|mx))?/.*#i' => array( 'https://www.pinterest.com/oembed.json', true ), '#https?://(www\.)?wolframcloud\.com/obj/.+#i' => array( 'https://www.wolframcloud.com/oembed', true ), '#https?://pca\.st/.+#i' => array( 'https://pca.st/oembed.json', true ), '#https?://((play|www)\.)?anghami\.com/.*#i' => array( 'https://api.anghami.com/rest/v1/oembed.view', true ), '#https?://bsky.app/profile/.*/post/.*#i' => array( 'https://embed.bsky.app/oembed', true ), '#https?://(www\.)?canva\.com/design/.*/view.*#i' => array( 'https://canva.com/_oembed', true ), ); if ( ! empty( self::$early_providers['add'] ) ) { foreach ( self::$early_providers['add'] as $format => $data ) { $providers[ $format ] = $data; } } if ( ! empty( self::$early_providers['remove'] ) ) { foreach ( self::$early_providers['remove'] as $format ) { unset( $providers[ $format ] ); } } self::$early_providers = array(); /** * Filters the list of sanctioned oEmbed providers. * * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. * * Supported providers: * * | Provider | Flavor | Since | * | ------------ | ----------------------------------------- | ------- | * | Dailymotion | dailymotion.com | 2.9.0 | * | Flickr | flickr.com | 2.9.0 | * | Scribd | scribd.com | 2.9.0 | * | Vimeo | vimeo.com | 2.9.0 | * | WordPress.tv | wordpress.tv | 2.9.0 | * | YouTube | youtube.com/watch | 2.9.0 | * | Crowdsignal | polldaddy.com | 3.0.0 | * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | * | Flickr | flic.kr | 3.6.0 | * | Spotify | spotify.com | 3.6.0 | * | Imgur | imgur.com | 3.9.0 | * | Animoto | animoto.com | 4.0.0 | * | Animoto | video214.com | 4.0.0 | * | Issuu | issuu.com | 4.0.0 | * | Mixcloud | mixcloud.com | 4.0.0 | * | Crowdsignal | poll.fm | 4.0.0 | * | TED | ted.com | 4.0.0 | * | YouTube | youtube.com/playlist | 4.0.0 | * | Tumblr | tumblr.com | 4.2.0 | * | Kickstarter | kickstarter.com | 4.2.0 | * | Kickstarter | kck.st | 4.2.0 | * | Cloudup | cloudup.com | 4.3.0 | * | ReverbNation | reverbnation.com | 4.4.0 | * | VideoPress | videopress.com | 4.4.0 | * | Reddit | reddit.com | 4.4.0 | * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | * | Screencast | screencast.com | 4.8.0 | * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | * | Amazon | amazon.co.jp (com.au) | 4.9.0 | * | Amazon | amazon.cn | 4.9.0 | * | Amazon | a.co | 4.9.0 | * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | * | Amazon | z.cn | 4.9.0 | * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | * | TikTok | tiktok.com | 5.4.0 | * | Pinterest | pinterest.com | 5.9.0 | * | WolframCloud | wolframcloud.com | 5.9.0 | * | Pocket Casts | pocketcasts.com | 6.1.0 | * | Crowdsignal | crowdsignal.net | 6.2.0 | * | Anghami | anghami.com | 6.3.0 | * | Bluesky | bsky.app | 6.6.0 | * | Canva | canva.com | 6.8.0 | * * No longer supported providers: * * | Provider | Flavor | Since | Removed | * | ------------ | -------------------- | --------- | --------- | * | Qik | qik.com | 2.9.0 | 3.9.0 | * | Viddler | viddler.com | 2.9.0 | 4.0.0 | * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | * | Blip | blip.tv | 2.9.0 | 4.4.0 | * | Rdio | rdio.com | 3.6.0 | 4.4.1 | * | Rdio | rd.io | 3.6.0 | 4.4.1 | * | Vine | vine.co | 4.1.0 | 4.9.0 | * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * | Hulu | hulu.com | 2.9.0 | 5.5.0 | * | Instagram | instagram.com | 3.5.0 | 5.5.2 | * | Instagram | instagr.am | 3.5.0 | 5.5.2 | * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | * | Facebook | facebook.com | 4.7.0 | 5.5.2 | * | Meetup.com | meetup.com | 3.9.0 | 6.0.1 | * | Meetup.com | meetu.ps | 3.9.0 | 6.0.1 | * | SlideShare | slideshare.net | 3.5.0 | 6.6.0 | * | Screencast | screencast.com | 4.8.0 | 6.8.2 | * * @see wp_oembed_add_provider() * * @since 2.9.0 * * @param array[] $providers An array of arrays containing data about popular oEmbed providers. */ $this->providers = apply_filters( 'oembed_providers', $providers ); // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } /** * Exposes private/protected methods for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * * @since 4.0.0 * * @see WP_oEmbed::discover() * * @param string $url The URL to the content. * @param string|array $args { * Optional. Additional provider arguments. Default empty. * * @type bool $discover Optional. Determines whether to attempt to discover link tags * at the given URL for an oEmbed provider when the provider URL * is not found in the built-in providers list. Default true. * } * @return string|false The oEmbed provider URL on success, false on failure. */ public function get_provider( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = false; if ( ! isset( $args['discover'] ) ) { $args['discover'] = true; } foreach ( $this->providers as $matchmask => $data ) { list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex. if ( ! $regex ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML. break; } } if ( ! $provider && $args['discover'] ) { $provider = $this->discover( $url ); } return $provider; } /** * Adds an oEmbed provider. * * The provider is added just-in-time when wp_oembed_add_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_add_provider() * * @param string $format Format of URL that this provider can handle. You can use * asterisks as wildcards. * @param string $provider The URL to the oEmbed provider.. * @param bool $regex Optional. Whether the $format parameter is in a regex format. * Default false. */ public static function _add_provider_early( $format, $provider, $regex = false ) { if ( empty( self::$early_providers['add'] ) ) { self::$early_providers['add'] = array(); } self::$early_providers['add'][ $format ] = array( $provider, $regex ); } /** * Removes an oEmbed provider. * * The provider is removed just-in-time when wp_oembed_remove_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_remove_provider() * * @param string $format The format of URL that this provider can handle. You can use * asterisks as wildcards. */ public static function _remove_provider_early( $format ) { if ( empty( self::$early_providers['remove'] ) ) { self::$early_providers['remove'] = array(); } self::$early_providers['remove'][] = $format; } /** * Takes a URL and attempts to return the oEmbed data. * * @see WP_oEmbed::fetch() * * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function get_data( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = $this->get_provider( $url, $args ); if ( ! $provider ) { return false; } $data = $this->fetch( $provider, $url, $args ); if ( false === $data ) { return false; } return $data; } /** * The do-it-all function that takes a URL and attempts to return the HTML. * * @see WP_oEmbed::fetch() * @see WP_oEmbed::data2html() * * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed * on success, false on failure. */ public function get_html( $url, $args = '' ) { /** * Filters the oEmbed result before any HTTP requests are made. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Returning a non-null value from the filter will effectively short-circuit retrieval * and return the passed value instead. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. * Default null to continue retrieving the result. * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); if ( null !== $pre ) { return $pre; } $data = $this->get_data( $url, $args ); if ( false === $data ) { return false; } /** * Filters the HTML returned by the oEmbed provider. * * @since 2.9.0 * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } /** * Attempts to discover link tags at the given URL for an oEmbed provider. * * @since 2.9.0 * * @param string $url The URL that should be inspected for discovery `<link>` tags. * @return string|false The oEmbed provider URL on success, false on failure. */ public function discover( $url ) { $providers = array(); $args = array( 'limit_response_size' => 153600, // 150 KB ); /** * Filters oEmbed remote get arguments. * * @since 4.0.0 * * @see WP_Http::request() * * @param array $args oEmbed remote get arguments. * @param string $url URL to be inspected. */ $args = apply_filters( 'oembed_remote_get_args', $args, $url ); // Fetch URL content. $request = wp_safe_remote_get( $url, $args ); $html = wp_remote_retrieve_body( $request ); if ( $html ) { /** * Filters the link types that contain oEmbed provider URLs. * * @since 2.9.0 * * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, * used by at least Vimeo). */ $linktypes = apply_filters( 'oembed_linktypes', array( 'application/json+oembed' => 'json', 'text/xml+oembed' => 'xml', 'application/xml+oembed' => 'xml', ) ); // Strip <body>. $html_head_end = stripos( $html, '</head>' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } // Do a quick check. $tagfound = false; foreach ( $linktypes as $linktype => $format ) { if ( stripos( $html, $linktype ) ) { $tagfound = true; break; } } if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html, $links ) ) { foreach ( $links[1] as $link ) { $atts = shortcode_parse_atts( $link ); if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); // Stop here if it's JSON (that's all we need). if ( 'json' === $linktypes[ $atts['type'] ] ) { break; } } } } } // JSON is preferred to XML. if ( ! empty( $providers['json'] ) ) { return $providers['json']; } elseif ( ! empty( $providers['xml'] ) ) { return $providers['xml']; } else { return false; } } /** * Connects to an oEmbed provider and returns the result. * * @since 2.9.0 * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function fetch( $provider, $url, $args = '' ) { $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); $provider = add_query_arg( 'url', urlencode( $url ), $provider ); $provider = add_query_arg( 'dnt', 1, $provider ); /** * Filters the oEmbed URL to be fetched. * * @since 2.9.0 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. * @param array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); foreach ( array( 'json', 'xml' ) as $format ) { $result = $this->_fetch_with_format( $provider, $format ); if ( is_wp_error( $result ) && 'not-implemented' === $result->get_error_code() ) { continue; } return ( $result && ! is_wp_error( $result ) ) ? $result : false; } return false; } /** * Fetches result from an oEmbed provider for a specific format and complete provider URL * * @since 3.0.0 * * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) * @param string $format Format to use. * @return object|false|WP_Error The result in the form of an object on success, false on failure. */ private function _fetch_with_format( $provider_url_with_args, $format ) { $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); /** This filter is documented in wp-includes/class-wp-oembed.php */ $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); $response = wp_safe_remote_get( $provider_url_with_args, $args ); if ( 501 === wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'not-implemented' ); } $body = wp_remote_retrieve_body( $response ); if ( ! $body ) { return false; } $parse_method = "_parse_$format"; return $this->$parse_method( $body ); } /** * Parses a json response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_json( $response_body ) { $data = json_decode( trim( $response_body ) ); return ( $data && is_object( $data ) ) ? $data : false; } /** * Parses an XML response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_xml( $response_body ) { if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { return false; } if ( PHP_VERSION_ID < 80000 ) { /* * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading * is disabled by default, so this function is no longer needed to protect against XXE attacks. */ $loader = libxml_disable_entity_loader( true ); } $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated libxml_disable_entity_loader( $loader ); } return $return; } /** * Serves as a helper function for parsing an XML response body. * * @since 3.6.0 * * @param string $response_body * @return stdClass|false */ private function _parse_xml_body( $response_body ) { if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { return false; } $dom = new DOMDocument(); $success = $dom->loadXML( $response_body ); if ( ! $success ) { return false; } if ( isset( $dom->doctype ) ) { return false; } foreach ( $dom->childNodes as $child ) { if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { return false; } } $xml = simplexml_import_dom( $dom ); if ( ! $xml ) { return false; } $return = new stdClass(); foreach ( $xml as $key => $value ) { $return->$key = (string) $value; } return $return; } /** * Converts a data object from WP_oEmbed::fetch() and returns the HTML. * * @since 2.9.0 * * @param object $data A data object result from an oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @return string|false The HTML needed to embed on success, false on failure. */ public function data2html( $data, $url ) { if ( ! is_object( $data ) || empty( $data->type ) ) { return false; } $return = false; switch ( $data->type ) { case 'photo': if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { break; } if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { break; } $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; $return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr( $title ) . '" width="' . esc_attr( $data->width ) . '" height="' . esc_attr( $data->height ) . '" /></a>'; break; case 'video': case 'rich': if ( ! empty( $data->html ) && is_string( $data->html ) ) { $return = $data->html; } break; case 'link': if ( ! empty( $data->title ) && is_string( $data->title ) ) { $return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>'; } break; default: $return = false; } /** * Filters the returned oEmbed HTML. * * Use this filter to add support for custom data types, or to filter the result. * * @since 2.9.0 * * @param string|false $return The returned oEmbed HTML, or false on failure. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } /** * Strips any new lines from the HTML. * * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * * @param string|false $html Existing HTML. * @param object $data Data object from WP_oEmbed::data2html() * @param string $url The original URL passed to oEmbed. * @return string|false Possibly modified $html. */ public function _strip_newlines( $html, $data, $url ) { if ( ! str_contains( $html, "\n" ) ) { return $html; } $count = 1; $found = array(); $token = '__PRE__'; $search = array( "\t", "\n", "\r", ' ' ); $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); $tokenized = str_replace( $search, $replace, $html ); preg_match_all( '#(<pre[^>]*>.+?</pre>)#i', $tokenized, $matches, PREG_SET_ORDER ); foreach ( $matches as $i => $match ) { $tag_html = str_replace( $replace, $search, $match[0] ); $tag_token = $token . $i; $found[ $tag_token ] = $tag_html; $html = str_replace( $tag_html, $tag_token, $html, $count ); } $replaced = str_replace( $replace, $search, $html ); $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); $pre = array_values( $found ); $tokens = array_keys( $found ); return str_replace( $tokens, $pre, $stripped ); } } HTTP/https-detection-20260605092254-20260608123828.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-customize-setting-20260605053458.php 0000666 00000072412 15226703613 0014672 0 ustar 00 <?php /** * WordPress Customize Setting classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Setting class. * * Handles saving and sanitizing of settings. * * @since 3.4.0 * * @see WP_Customize_Manager * @link https://developer.wordpress.org/themes/customize-api */ #[AllowDynamicProperties] class WP_Customize_Setting { /** * Customizer bootstrap instance. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Unique string identifier for the setting. * * @since 3.4.0 * @var string */ public $id; /** * Type of customize settings. * * @since 3.4.0 * @var string */ public $type = 'theme_mod'; /** * Capability required to edit this setting. * * @since 3.4.0 * @var string|array */ public $capability = 'edit_theme_options'; /** * Theme features required to support the setting. * * @since 3.4.0 * @var string|string[] */ public $theme_supports = ''; /** * The default value for the setting. * * @since 3.4.0 * @var string */ public $default = ''; /** * Options for rendering the live preview of changes in Customizer. * * Set this value to 'postMessage' to enable a custom JavaScript handler to render changes to this setting * as opposed to reloading the whole page. * * @since 3.4.0 * @var string */ public $transport = 'refresh'; /** * Server-side validation callback for the setting's value. * * @since 4.6.0 * @var callable */ public $validate_callback = ''; /** * Callback to filter a Customize setting value in un-slashed form. * * @since 3.4.0 * @var callable */ public $sanitize_callback = ''; /** * Callback to convert a Customize PHP setting value to a value that is JSON serializable. * * @since 3.4.0 * @var callable */ public $sanitize_js_callback = ''; /** * Whether or not the setting is initially dirty when created. * * This is used to ensure that a setting will be sent from the pane to the * preview when loading the Customizer. Normally a setting only is synced to * the preview if it has been changed. This allows the setting to be sent * from the start. * * @since 4.2.0 * @var bool */ public $dirty = false; /** * ID Data. * * @since 3.4.0 * @var array */ protected $id_data = array(); /** * Whether or not preview() was called. * * @since 4.4.0 * @var bool */ protected $is_previewed = false; /** * Cache of multidimensional values to improve performance. * * @since 4.4.0 * @var array */ protected static $aggregated_multidimensionals = array(); /** * Whether the multidimensional setting is aggregated. * * @since 4.4.0 * @var bool */ protected $is_multidimensional_aggregated = false; /** * Constructor. * * Any supplied $args override class property defaults. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id A specific ID of the setting. * Can be a theme mod or option name. * @param array $args { * Optional. Array of properties for the new Setting object. Default empty array. * * @type string $type Type of the setting. Default 'theme_mod'. * @type string $capability Capability required for the setting. Default 'edit_theme_options' * @type string|string[] $theme_supports Theme features required to support the panel. Default is none. * @type string $default Default value for the setting. Default is empty string. * @type string $transport Options for rendering the live preview of changes in Customizer. * Using 'refresh' makes the change visible by reloading the whole preview. * Using 'postMessage' allows a custom JavaScript to handle live changes. * Default is 'refresh'. * @type callable $validate_callback Server-side validation callback for the setting's value. * @type callable $sanitize_callback Callback to filter a Customize setting value in un-slashed form. * @type callable $sanitize_js_callback Callback to convert a Customize PHP setting value to a value that is * JSON serializable. * @type bool $dirty Whether or not the setting is initially dirty when created. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; // Parse the ID for array keys. $this->id_data['keys'] = preg_split( '/\[/', str_replace( ']', '', $this->id ) ); $this->id_data['base'] = array_shift( $this->id_data['keys'] ); // Rebuild the ID. $this->id = $this->id_data['base']; if ( ! empty( $this->id_data['keys'] ) ) { $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']'; } if ( $this->validate_callback ) { add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 ); } if ( $this->sanitize_callback ) { add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2 ); } if ( $this->sanitize_js_callback ) { add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 ); } if ( 'option' === $this->type || 'theme_mod' === $this->type ) { // Other setting types can opt-in to aggregate multidimensional explicitly. $this->aggregate_multidimensional(); // Allow option settings to indicate whether they should be autoloaded. if ( 'option' === $this->type && isset( $args['autoload'] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] = $args['autoload']; } } } /** * Get parsed ID data for multidimensional setting. * * @since 4.4.0 * * @return array { * ID data for multidimensional setting. * * @type string $base ID base * @type array $keys Keys for multidimensional array. * } */ final public function id_data() { return $this->id_data; } /** * Set up the setting for aggregated multidimensional values. * * When a multidimensional setting gets aggregated, all of its preview and update * calls get combined into one call, greatly improving performance. * * @since 4.4.0 */ protected function aggregate_multidimensional() { $id_base = $this->id_data['base']; if ( ! isset( self::$aggregated_multidimensionals[ $this->type ] ) ) { self::$aggregated_multidimensionals[ $this->type ] = array(); } if ( ! isset( self::$aggregated_multidimensionals[ $this->type ][ $id_base ] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $id_base ] = array( 'previewed_instances' => array(), // Calling preview() will add the $setting to the array. 'preview_applied_instances' => array(), // Flags for which settings have had their values applied. 'root_value' => $this->get_root_value( array() ), // Root value for initial state, manipulated by preview and update calls. ); } if ( ! empty( $this->id_data['keys'] ) ) { // Note the preview-applied flag is cleared at priority 9 to ensure it is cleared before a deferred-preview runs. add_action( "customize_post_value_set_{$this->id}", array( $this, '_clear_aggregated_multidimensional_preview_applied_flag' ), 9 ); $this->is_multidimensional_aggregated = true; } } /** * Reset `$aggregated_multidimensionals` static variable. * * This is intended only for use by unit tests. * * @since 4.5.0 * @ignore */ public static function reset_aggregated_multidimensionals() { self::$aggregated_multidimensionals = array(); } /** * The ID for the current site when the preview() method was called. * * @since 4.2.0 * @var int */ protected $_previewed_blog_id; /** * Return true if the current site is not the same as the previewed site. * * @since 4.2.0 * * @return bool If preview() has been called. */ public function is_current_blog_previewed() { if ( ! isset( $this->_previewed_blog_id ) ) { return false; } return ( get_current_blog_id() === $this->_previewed_blog_id ); } /** * Original non-previewed value stored by the preview method. * * @see WP_Customize_Setting::preview() * @since 4.1.1 * @var mixed */ protected $_original_value; /** * Add filters to supply the setting's value when accessed. * * If the setting already has a pre-existing value and there is no incoming * post value for the setting, then this method will short-circuit since * there is no change to preview. * * @since 3.4.0 * @since 4.4.0 Added boolean return value. * * @return bool False when preview short-circuits due no change needing to be previewed. */ public function preview() { if ( ! isset( $this->_previewed_blog_id ) ) { $this->_previewed_blog_id = get_current_blog_id(); } // Prevent re-previewing an already-previewed setting. if ( $this->is_previewed ) { return true; } $id_base = $this->id_data['base']; $is_multidimensional = ! empty( $this->id_data['keys'] ); $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); /* * Check if the setting has a pre-existing value (an isset check), * and if doesn't have any incoming post value. If both checks are true, * then the preview short-circuits because there is nothing that needs * to be previewed. */ $undefined = new stdClass(); $needs_preview = ( $undefined !== $this->post_value( $undefined ) ); $value = null; // Since no post value was defined, check if we have an initial value set. if ( ! $needs_preview ) { if ( $this->is_multidimensional_aggregated ) { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root, $this->id_data['keys'], $undefined ); } else { $default = $this->default; $this->default = $undefined; // Temporarily set default to undefined so we can detect if existing value is set. $value = $this->value(); $this->default = $default; } $needs_preview = ( $undefined === $value ); // Because the default needs to be supplied. } // If the setting does not need previewing now, defer to when it has a value to preview. if ( ! $needs_preview ) { if ( ! has_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ) ) { add_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ); } return false; } switch ( $this->type ) { case 'theme_mod': if ( ! $is_multidimensional ) { add_filter( "theme_mod_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add this filter once for this ID base. add_filter( "theme_mod_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; case 'option': if ( ! $is_multidimensional ) { add_filter( "pre_option_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add these filters once for this ID base. add_filter( "option_{$id_base}", $multidimensional_filter ); add_filter( "default_option_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; default: /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->id}", $this ); /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the setting type. * * @since 4.1.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->type}", $this ); } $this->is_previewed = true; return true; } /** * Clear out the previewed-applied flag for a multidimensional-aggregated value whenever its post value is updated. * * This ensures that the new value will get sanitized and used the next time * that `WP_Customize_Setting::_multidimensional_preview_filter()` * is called for this setting. * * @since 4.4.0 * * @see WP_Customize_Manager::set_post_value() * @see WP_Customize_Setting::_multidimensional_preview_filter() */ final public function _clear_aggregated_multidimensional_preview_applied_flag() { unset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['preview_applied_instances'][ $this->id ] ); } /** * Callback function to filter non-multidimensional theme mods and options. * * If switch_to_blog() was called after the preview() method, and the current * site is now not the same site, then this method does a no-op and returns * the original value. * * @since 3.4.0 * * @param mixed $original Old value. * @return mixed New or old value. */ public function _preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $undefined = new stdClass(); // Symbol hack. $post_value = $this->post_value( $undefined ); if ( $undefined !== $post_value ) { $value = $post_value; } else { /* * Note that we don't use $original here because preview() will * not add the filter in the first place if it has an initial value * and there is no post value. */ $value = $this->default; } return $value; } /** * Callback function to filter multidimensional theme mods and options. * * For all multidimensional settings of a given type, the preview filter for * the first setting previewed will be used to apply the values for the others. * * @since 4.4.0 * * @see WP_Customize_Setting::$aggregated_multidimensionals * @param mixed $original Original root value. * @return mixed New or old value. */ final public function _multidimensional_preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $id_base = $this->id_data['base']; // If no settings have been previewed yet (which should not be the case, since $this is), just pass through the original value. if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { return $original; } foreach ( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] as $previewed_setting ) { // Skip applying previewed value for any settings that have already been applied. if ( ! empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] ) ) { continue; } // Do the replacements of the posted/default sub value into the root value. $value = $previewed_setting->post_value( $previewed_setting->default ); $root = self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value']; $root = $previewed_setting->multidimensional_replace( $root, $previewed_setting->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value'] = $root; // Mark this setting having been applied so that it will be skipped when the filter is called again. self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] = true; } return self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; } /** * Checks user capabilities and theme supports, and then saves * the value of the setting. * * @since 3.4.0 * * @return void|false Void on success, false if cap check fails * or value isn't set or is invalid. */ final public function save() { $value = $this->post_value(); if ( ! $this->check_capabilities() || ! isset( $value ) ) { return false; } $id_base = $this->id_data['base']; /** * Fires when the WP_Customize_Setting::save() method is called. * * The dynamic portion of the hook name, `$id_base` refers to * the base slug of the setting name. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_save_{$id_base}", $this ); $this->update( $value ); } /** * Fetch and sanitize the $_POST value for the setting. * * During a save request prior to save, post_value() provides the new value while value() does not. * * @since 3.4.0 * * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The default value on failure, otherwise the sanitized and validated value. */ final public function post_value( $default_value = null ) { return $this->manager->post_value( $this, $default_value ); } /** * Sanitize an input. * * @since 3.4.0 * * @param string|array $value The value to sanitize. * @return string|array|null|WP_Error Sanitized value, or `null`/`WP_Error` if invalid. */ public function sanitize( $value ) { /** * Filters a Customize setting value in un-slashed form. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } /** * Validates an input. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * * @param mixed $value Value to validate. * @return true|WP_Error True if the input was validated, otherwise WP_Error. */ public function validate( $value ) { if ( is_wp_error( $value ) ) { return $value; } if ( is_null( $value ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validity = new WP_Error(); /** * Validates a Customize setting value. * * Plugins should amend the `$validity` object via its `WP_Error::add()` method. * * The dynamic portion of the hook name, `$this->ID`, refers to the setting ID. * * @since 4.6.0 * * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $validity = apply_filters( "customize_validate_{$this->id}", $validity, $value, $this ); if ( is_wp_error( $validity ) && ! $validity->has_errors() ) { $validity = true; } return $validity; } /** * Get the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $default_value Value to return if root does not exist. * @return mixed */ protected function get_root_value( $default_value = null ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { return get_option( $id_base, $default_value ); } elseif ( 'theme_mod' === $this->type ) { return get_theme_mod( $id_base, $default_value ); } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return $default_value; } } /** * Set the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $value Value to set as root of multidimensional setting. * @return bool Whether the multidimensional root was updated successfully. */ protected function set_root_value( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { $autoload = true; if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; } return update_option( $id_base, $value, $autoload ); } elseif ( 'theme_mod' === $this->type ) { set_theme_mod( $id_base, $value ); return true; } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return false; } } /** * Save the value of the setting, using the related API. * * @since 3.4.0 * * @param mixed $value The value to update. * @return bool The result of saving the value. */ protected function update( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type || 'theme_mod' === $this->type ) { if ( ! $this->is_multidimensional_aggregated ) { return $this->set_root_value( $value ); } else { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $root = $this->multidimensional_replace( $root, $this->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value'] = $root; return $this->set_root_value( $root ); } } else { /** * Fires when the WP_Customize_Setting::update() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the type of setting. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_update_{$this->type}", $value, $this ); return has_action( "customize_update_{$this->type}" ); } } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_theme_mod() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_option() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Fetch the value of the setting. * * @since 3.4.0 * * @return mixed The value. */ public function value() { $id_base = $this->id_data['base']; $is_core_type = ( 'option' === $this->type || 'theme_mod' === $this->type ); if ( ! $is_core_type && ! $this->is_multidimensional_aggregated ) { // Use post value if previewed and a post value is present. if ( $this->is_previewed ) { $value = $this->post_value( null ); if ( null !== $value ) { return $value; } } $value = $this->get_root_value( $this->default ); /** * Filters a Customize setting value not handled as a theme_mod or option. * * The dynamic portion of the hook name, `$id_base`, refers to * the base slug of the setting name, initialized from `$this->id_data['base']`. * * For settings handled as theme_mods or options, see those corresponding * functions for available hooks. * * @since 3.4.0 * @since 4.6.0 Added the `$this` setting instance as the second parameter. * * @param mixed $default_value The setting default value. Default empty. * @param WP_Customize_Setting $setting The setting instance. */ $value = apply_filters( "customize_value_{$id_base}", $value, $this ); } elseif ( $this->is_multidimensional_aggregated ) { $root_value = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root_value, $this->id_data['keys'], $this->default ); // Ensure that the post value is used if the setting is previewed, since preview filters aren't applying on cached $root_value. if ( $this->is_previewed ) { $value = $this->post_value( $value ); } } else { $value = $this->get_root_value( $this->default ); } return $value; } /** * Sanitize the setting's value for use in JavaScript. * * @since 3.4.0 * * @return mixed The requested escaped value. */ public function js_value() { /** * Filters a Customize setting value for use in JavaScript. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param mixed $value The setting value. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $value = apply_filters( "customize_sanitize_js_{$this->id}", $this->value(), $this ); if ( is_string( $value ) ) { return html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } return $value; } /** * Retrieves the data to export to the client via JSON. * * @since 4.6.0 * * @return array Array of parameters passed to JavaScript. */ public function json() { return array( 'value' => $this->js_value(), 'transport' => $this->transport, 'dirty' => $this->dirty, 'type' => $this->type, ); } /** * Validate user capabilities whether the theme supports the setting. * * @since 3.4.0 * * @return bool False if theme doesn't support the setting or user can't change setting, otherwise true. */ final public function check_capabilities() { if ( $this->capability && ! current_user_can( $this->capability ) ) { return false; } if ( $this->theme_supports && ! current_theme_supports( ...(array) $this->theme_supports ) ) { return false; } return true; } /** * Multidimensional helper function. * * @since 3.4.0 * * @param array $root * @param array $keys * @param bool $create Default false. * @return array|void Keys are 'root', 'node', and 'key'. */ final protected function multidimensional( &$root, $keys, $create = false ) { if ( $create && empty( $root ) ) { $root = array(); } if ( ! isset( $root ) || empty( $keys ) ) { return; } $last = array_pop( $keys ); $node = &$root; foreach ( $keys as $key ) { if ( $create && ! isset( $node[ $key ] ) ) { $node[ $key ] = array(); } if ( ! is_array( $node ) || ! isset( $node[ $key ] ) ) { return; } $node = &$node[ $key ]; } if ( $create ) { if ( ! is_array( $node ) ) { // Account for an array overriding a string or object value. $node = array(); } if ( ! isset( $node[ $last ] ) ) { $node[ $last ] = array(); } } if ( ! isset( $node[ $last ] ) ) { return; } return array( 'root' => &$root, 'node' => &$node, 'key' => $last, ); } /** * Will attempt to replace a specific value in a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $value The value to update. * @return mixed */ final protected function multidimensional_replace( $root, $keys, $value ) { if ( ! isset( $value ) ) { return $root; } elseif ( empty( $keys ) ) { // If there are no keys, we're replacing the root. return $value; } $result = $this->multidimensional( $root, $keys, true ); if ( isset( $result ) ) { $result['node'][ $result['key'] ] = $value; } return $root; } /** * Will attempt to fetch a specific value from a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The requested value or the default value. */ final protected function multidimensional_get( $root, $keys, $default_value = null ) { if ( empty( $keys ) ) { // If there are no keys, test the root. return isset( $root ) ? $root : $default_value; } $result = $this->multidimensional( $root, $keys ); return isset( $result ) ? $result['node'][ $result['key'] ] : $default_value; } /** * Will attempt to check if a specific value in a multidimensional array is set. * * @since 3.4.0 * * @param array $root * @param array $keys * @return bool True if value is set, false if not. */ final protected function multidimensional_isset( $root, $keys ) { $result = $this->multidimensional_get( $root, $keys ); return isset( $result ); } } /** * WP_Customize_Filter_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; /** * WP_Customize_Header_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; /** * WP_Customize_Background_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; /** * WP_Customize_Nav_Menu_Item_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; /** * WP_Customize_Nav_Menu_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; HTTP/https-migration-20260605134451.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605090746.php 0000666 00000013341 15226703613 0012561 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605221843.php 0000666 00000013341 15226703613 0012553 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606063145-20260608020751.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605234702.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605220934-20260607042725.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260607100220.php 0000666 00000013341 15226703613 0012536 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605090843.php 0000666 00000011205 15226703613 0012567 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260607053209.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606141137.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605170805.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606074445-20260615161316.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-20260605040529.php 0000666 00000121142 15226703613 0012142 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-detection-20260605090909-20260608083612.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606002819-20260608142719.php 0000666 00000013341 15226703613 0014151 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606072415-20260608061224.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183407-20260606043826.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606003506.php 0000666 00000011205 15226703613 0012556 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606145107-20260608101827.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170301-20260610055034.php 0000666 00000011205 15226703613 0014132 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606105401.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606105339-20260609082055.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172228.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Parser.php 0000666 00000035551 15226703613 0007312 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response Parser * @template Psr7Compatible of bool */ class Parser { /** * HTTP Version * * @var float */ public $http_version = 0.0; /** * Status code * * @var int */ public $status_code = 0; /** * Reason phrase * * @var string */ public $reason = ''; /** * @var Psr7Compatible whether headers are compatible with PSR-7 format. */ private $psr7Compatible; /** * Key/value pairs of the headers * * @var (Psr7Compatible is true ? array<string, non-empty-array<string>> : array<string, string>) */ public $headers = []; /** * Body of the response * * @var string */ public $body = ''; private const STATE_HTTP_VERSION = 'http_version'; private const STATE_STATUS = 'status'; private const STATE_REASON = 'reason'; private const STATE_NEW_LINE = 'new_line'; private const STATE_BODY = 'body'; private const STATE_NAME = 'name'; private const STATE_VALUE = 'value'; private const STATE_VALUE_CHAR = 'value_char'; private const STATE_QUOTE = 'quote'; private const STATE_QUOTE_ESCAPED = 'quote_escaped'; private const STATE_QUOTE_CHAR = 'quote_char'; private const STATE_CHUNKED = 'chunked'; private const STATE_EMIT = 'emit'; private const STATE_ERROR = false; /** * Current state of the state machine * * @var self::STATE_* */ protected $state = self::STATE_HTTP_VERSION; /** * Input data * * @var string */ protected $data = ''; /** * Input data length (to avoid calling strlen() everytime this is needed) * * @var int */ protected $data_length = 0; /** * Current position of the pointer * * @var int */ protected $position = 0; /** * Name of the header currently being parsed * * @var string */ protected $name = ''; /** * Value of the header currently being parsed * * @var string */ protected $value = ''; /** * Create an instance of the class with the input data * * @param string $data Input data * @param Psr7Compatible $psr7Compatible Whether the data types are in format compatible with PSR-7. */ public function __construct(string $data, bool $psr7Compatible = false) { $this->data = $data; $this->data_length = strlen($this->data); $this->psr7Compatible = $psr7Compatible; } /** * Parse the input data * * @return bool true on success, false on failure */ public function parse() { while ($this->state && $this->state !== self::STATE_EMIT && $this->has_data()) { $state = $this->state; $this->$state(); } $this->data = ''; if ($this->state === self::STATE_EMIT || $this->state === self::STATE_BODY) { return true; } // Reset the parser state. $this->http_version = 0.0; $this->status_code = 0; $this->reason = ''; $this->headers = []; $this->body = ''; return false; } /** * Check whether there is data beyond the pointer * * @return bool true if there is further data, false if not */ protected function has_data() { return (bool) ($this->position < $this->data_length); } /** * See if the next character is LWS * * @return bool true if the next character is LWS, false if not */ protected function is_linear_whitespace() { return (bool) ($this->data[$this->position] === "\x09" || $this->data[$this->position] === "\x20" || ($this->data[$this->position] === "\x0A" && isset($this->data[$this->position + 1]) && ($this->data[$this->position + 1] === "\x09" || $this->data[$this->position + 1] === "\x20"))); } /** * Parse the HTTP version * @return void */ protected function http_version() { if (strpos($this->data, "\x0A") !== false && strtoupper(substr($this->data, 0, 5)) === 'HTTP/') { $len = strspn($this->data, '0123456789.', 5); $http_version = substr($this->data, 5, $len); $this->position += 5 + $len; if (substr_count($http_version, '.') <= 1) { $this->http_version = (float) $http_version; $this->position += strspn($this->data, "\x09\x20", $this->position); $this->state = self::STATE_STATUS; } else { $this->state = self::STATE_ERROR; } } else { $this->state = self::STATE_ERROR; } } /** * Parse the status code * @return void */ protected function status() { if ($len = strspn($this->data, '0123456789', $this->position)) { $this->status_code = (int) substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_REASON; } else { $this->state = self::STATE_ERROR; } } /** * Parse the reason phrase * @return void */ protected function reason() { $len = strcspn($this->data, "\x0A", $this->position); $this->reason = trim(substr($this->data, $this->position, $len), "\x09\x0D\x20"); $this->position += $len + 1; $this->state = self::STATE_NEW_LINE; } private function add_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name][] = $value; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] .= ', ' . $value; } } private function replace_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name] = [$value]; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] = $value; } } /** * Deal with a new line, shifting data around as needed * @return void */ protected function new_line() { $this->value = trim($this->value, "\x0D\x20"); if ($this->name !== '' && $this->value !== '') { $this->name = strtolower($this->name); // We should only use the last Content-Type header. c.f. issue #1 if (isset($this->headers[$this->name]) && $this->name !== 'content-type') { $this->add_header($this->name, $this->value); } else { $this->replace_header($this->name, $this->value); } } $this->name = ''; $this->value = ''; if (substr($this->data[$this->position], 0, 2) === "\x0D\x0A") { $this->position += 2; $this->state = self::STATE_BODY; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; $this->state = self::STATE_BODY; } else { $this->state = self::STATE_NAME; } } /** * Parse a header name * @return void */ protected function name() { $len = strcspn($this->data, "\x0A:", $this->position); if (isset($this->data[$this->position + $len])) { if ($this->data[$this->position + $len] === "\x0A") { $this->position += $len; $this->state = self::STATE_NEW_LINE; } else { $this->name = substr($this->data, $this->position, $len); $this->position += $len + 1; $this->state = self::STATE_VALUE; } } else { $this->state = self::STATE_ERROR; } } /** * Parse LWS, replacing consecutive LWS characters with a single space * @return void */ protected function linear_whitespace() { do { if (substr($this->data, $this->position, 2) === "\x0D\x0A") { $this->position += 2; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; } $this->position += strspn($this->data, "\x09\x20", $this->position); } while ($this->has_data() && $this->is_linear_whitespace()); $this->value .= "\x20"; } /** * See what state to move to while within non-quoted header values * @return void */ protected function value() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': // Workaround for ETags: we have to include the quotes as // part of the tag. if (strtolower($this->name) === 'etag') { $this->value .= '"'; $this->position++; $this->state = self::STATE_VALUE_CHAR; break; } $this->position++; $this->state = self::STATE_QUOTE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; default: $this->state = self::STATE_VALUE_CHAR; break; } } } /** * Parse a header value while outside quotes * @return void */ protected function value_char() { $len = strcspn($this->data, "\x09\x20\x0A\"", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * See what state to move to while within quoted header values * @return void */ protected function quote() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': $this->position++; $this->state = self::STATE_VALUE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; case '\\': $this->position++; $this->state = self::STATE_QUOTE_ESCAPED; break; default: $this->state = self::STATE_QUOTE_CHAR; break; } } } /** * Parse a header value while within quotes * @return void */ protected function quote_char() { $len = strcspn($this->data, "\x09\x20\x0A\"\\", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * Parse an escaped character within quotes * @return void */ protected function quote_escaped() { $this->value .= $this->data[$this->position]; $this->position++; $this->state = self::STATE_QUOTE; } /** * Parse the body * @return void */ protected function body() { $this->body = substr($this->data, $this->position); if (!empty($this->headers['transfer-encoding'])) { unset($this->headers['transfer-encoding']); $this->state = self::STATE_CHUNKED; } else { $this->state = self::STATE_EMIT; } } /** * Parsed a "Transfer-Encoding: chunked" body * @return void */ protected function chunked() { if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($this->body))) { $this->state = self::STATE_EMIT; return; } $decoded = ''; $encoded = $this->body; while (true) { $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); if (!$is_chunked) { // Looks like it's not chunked after all $this->state = self::STATE_EMIT; return; } $length = hexdec(trim($matches[1])); // For PHPStan: this will only be float when larger than PHP_INT_MAX. // But even on 32-bit systems, it would mean 2GiB chunk, which sounds unlikely. \assert(\is_int($length), "Length needs to be shorter than PHP_INT_MAX"); if ($length === 0) { // Ignore trailer headers $this->state = self::STATE_EMIT; $this->body = $decoded; return; } $chunk_length = strlen($matches[0]); $decoded .= substr($encoded, $chunk_length, $length); $encoded = substr($encoded, $chunk_length + $length + 2); // BC for PHP < 8.0: substr() can return bool instead of string $encoded = ($encoded === false) ? '' : $encoded; if (trim($encoded) === '0' || empty($encoded)) { $this->state = self::STATE_EMIT; $this->body = $decoded; return; } } } /** * Prepare headers (take care of proxies headers) * * @param string $headers Raw headers * @param non-negative-int $count Redirection count. Default to 1. * * @return string */ public static function prepareHeaders(string $headers, int $count = 1) { $data = explode("\r\n\r\n", $headers, $count); $data = array_pop($data); if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } return $data; } } class_alias('SimplePie\HTTP\Parser', 'SimplePie_HTTP_Parser'); HTTP/block-editor-20260605084153.php 0000666 00000071142 15226703613 0012017 0 ustar 00 <?php /** * Block Editor API. * * @package WordPress * @subpackage Editor * @since 5.8.0 */ /** * Returns the list of default categories for block types. * * @since 5.8.0 * @since 6.3.0 Reusable Blocks renamed to Patterns. * * @return array[] Array of categories for block types. */ function get_default_block_categories() { return array( array( 'slug' => 'text', 'title' => _x( 'Text', 'block category' ), 'icon' => null, ), array( 'slug' => 'media', 'title' => _x( 'Media', 'block category' ), 'icon' => null, ), array( 'slug' => 'design', 'title' => _x( 'Design', 'block category' ), 'icon' => null, ), array( 'slug' => 'widgets', 'title' => _x( 'Widgets', 'block category' ), 'icon' => null, ), array( 'slug' => 'theme', 'title' => _x( 'Theme', 'block category' ), 'icon' => null, ), array( 'slug' => 'embed', 'title' => _x( 'Embeds', 'block category' ), 'icon' => null, ), array( 'slug' => 'reusable', 'title' => _x( 'Patterns', 'block category' ), 'icon' => null, ), ); } /** * Returns all the categories for block types that will be shown in the block editor. * * @since 5.0.0 * @since 5.8.0 It is possible to pass the block editor context as param. * * @param WP_Post|WP_Block_Editor_Context $post_or_block_editor_context The current post object or * the block editor context. * * @return array[] Array of categories for block types. */ function get_block_categories( $post_or_block_editor_context ) { $block_categories = get_default_block_categories(); $block_editor_context = $post_or_block_editor_context instanceof WP_Post ? new WP_Block_Editor_Context( array( 'post' => $post_or_block_editor_context, ) ) : $post_or_block_editor_context; /** * Filters the default array of categories for block types. * * @since 5.8.0 * * @param array[] $block_categories Array of categories for block types. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $block_categories = apply_filters( 'block_categories_all', $block_categories, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the default array of categories for block types. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_categories_all'} filter instead. * * @param array[] $block_categories Array of categories for block types. * @param WP_Post $post Post being loaded. */ $block_categories = apply_filters_deprecated( 'block_categories', array( $block_categories, $post ), '5.8.0', 'block_categories_all' ); } return $block_categories; } /** * Gets the list of allowed block types to use in the block editor. * * @since 5.8.0 * * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return bool|string[] Array of block type slugs, or boolean to enable/disable all. */ function get_allowed_block_types( $block_editor_context ) { $allowed_block_types = true; /** * Filters the allowed block types for all editor types. * * @since 5.8.0 * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported). * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $allowed_block_types = apply_filters( 'allowed_block_types_all', $allowed_block_types, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the allowed block types for the editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'allowed_block_types_all'} filter instead. * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported) * @param WP_Post $post The post resource data. */ $allowed_block_types = apply_filters_deprecated( 'allowed_block_types', array( $allowed_block_types, $post ), '5.8.0', 'allowed_block_types_all' ); } return $allowed_block_types; } /** * Returns the default block editor settings. * * @since 5.8.0 * * @return array The default block editor settings. */ function get_default_block_editor_settings() { // Media settings. // wp_max_upload_size() can be expensive, so only call it when relevant for the current user. $max_upload_size = 0; if ( current_user_can( 'upload_files' ) ) { $max_upload_size = wp_max_upload_size(); if ( ! $max_upload_size ) { $max_upload_size = 0; } } /** This filter is documented in wp-admin/includes/media.php */ $image_size_names = apply_filters( 'image_size_names_choose', array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ) ); $available_image_sizes = array(); foreach ( $image_size_names as $image_size_slug => $image_size_name ) { $available_image_sizes[] = array( 'slug' => $image_size_slug, 'name' => $image_size_name, ); } $default_size = get_option( 'image_default_size', 'large' ); $image_default_size = in_array( $default_size, array_keys( $image_size_names ), true ) ? $default_size : 'large'; $image_dimensions = array(); $all_sizes = wp_get_registered_image_subsizes(); foreach ( $available_image_sizes as $size ) { $key = $size['slug']; if ( isset( $all_sizes[ $key ] ) ) { $image_dimensions[ $key ] = $all_sizes[ $key ]; } } // These styles are used if the "no theme styles" options is triggered or on // themes without their own editor styles. $default_editor_styles_file = ABSPATH . WPINC . '/css/dist/block-editor/default-editor-styles.css'; static $default_editor_styles_file_contents = false; if ( ! $default_editor_styles_file_contents && file_exists( $default_editor_styles_file ) ) { $default_editor_styles_file_contents = file_get_contents( $default_editor_styles_file ); } $default_editor_styles = array(); if ( $default_editor_styles_file_contents ) { $default_editor_styles = array( array( 'css' => $default_editor_styles_file_contents ), ); } $editor_settings = array( 'alignWide' => get_theme_support( 'align-wide' ), 'allowedBlockTypes' => true, 'allowedMimeTypes' => get_allowed_mime_types(), 'defaultEditorStyles' => $default_editor_styles, 'blockCategories' => get_default_block_categories(), 'isRTL' => is_rtl(), 'imageDefaultSize' => $image_default_size, 'imageDimensions' => $image_dimensions, 'imageEditing' => true, 'imageSizes' => $available_image_sizes, 'maxUploadFileSize' => $max_upload_size, '__experimentalDashboardLink' => admin_url( '/' ), // The following flag is required to enable the new Gallery block format on the mobile apps in 5.9. '__unstableGalleryWithImageBlocks' => true, ); $theme_settings = get_classic_theme_supports_block_editor_settings(); foreach ( $theme_settings as $key => $value ) { $editor_settings[ $key ] = $value; } return $editor_settings; } /** * Returns the block editor settings needed to use the Legacy Widget block which * is not registered by default. * * @since 5.8.0 * * @return array Settings to be used with get_block_editor_settings(). */ function get_legacy_widget_block_editor_settings() { $editor_settings = array(); /** * Filters the list of widget-type IDs that should **not** be offered by the * Legacy Widget block. * * Returning an empty array will make all widgets available. * * @since 5.8.0 * * @param string[] $widgets An array of excluded widget-type IDs. */ $editor_settings['widgetTypesToHideFromLegacyWidgetBlock'] = apply_filters( 'widget_types_to_hide_from_legacy_widget_block', array( 'pages', 'calendar', 'archives', 'media_audio', 'media_image', 'media_gallery', 'media_video', 'search', 'text', 'categories', 'recent-posts', 'recent-comments', 'rss', 'tag_cloud', 'custom_html', 'block', ) ); return $editor_settings; } /** * Collect the block editor assets that need to be loaded into the editor's iframe. * * @since 6.0.0 * @access private * * @global WP_Styles $wp_styles The WP_Styles current instance. * @global WP_Scripts $wp_scripts The WP_Scripts current instance. * * @return array { * The block editor assets. * * @type string|false $styles String containing the HTML for styles. * @type string|false $scripts String containing the HTML for scripts. * } */ function _wp_get_iframed_editor_assets() { global $wp_styles, $wp_scripts; // Keep track of the styles and scripts instance to restore later. $current_wp_styles = $wp_styles; $current_wp_scripts = $wp_scripts; // Create new instances to collect the assets. $wp_styles = new WP_Styles(); $wp_scripts = new WP_Scripts(); /* * Register all currently registered styles and scripts. The actions that * follow enqueue assets, but don't necessarily register them. */ $wp_styles->registered = $current_wp_styles->registered; $wp_scripts->registered = $current_wp_scripts->registered; /* * We generally do not need reset styles for the iframed editor. * However, if it's a classic theme, margins will be added to every block, * which is reset specifically for list items, so classic themes rely on * these reset styles. */ $wp_styles->done = wp_theme_has_theme_json() ? array( 'wp-reset-editor-styles' ) : array(); wp_enqueue_script( 'wp-polyfill' ); // Enqueue the `editorStyle` handles for all core block, and dependencies. wp_enqueue_style( 'wp-edit-blocks' ); if ( current_theme_supports( 'wp-block-styles' ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /* * We don't want to load EDITOR scripts in the iframe, only enqueue * front-end assets for the content. */ add_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); do_action( 'enqueue_block_assets' ); remove_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Additionally, do enqueue `editorStyle` assets for all blocks, which * contains editor-only styling for blocks (editor content). */ foreach ( $block_registry->get_all_registered() as $block_type ) { if ( isset( $block_type->editor_style_handles ) && is_array( $block_type->editor_style_handles ) ) { foreach ( $block_type->editor_style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } } } /** * Remove the deprecated `print_emoji_styles` handler. * It avoids breaking style generation with a deprecation message. */ $has_emoji_styles = has_action( 'wp_print_styles', 'print_emoji_styles' ); if ( $has_emoji_styles ) { remove_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_styles(); wp_print_font_faces(); wp_print_font_faces_from_style_variations(); $styles = ob_get_clean(); if ( $has_emoji_styles ) { add_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_head_scripts(); wp_print_footer_scripts(); $scripts = ob_get_clean(); // Restore the original instances. $wp_styles = $current_wp_styles; $wp_scripts = $current_wp_scripts; return array( 'styles' => $styles, 'scripts' => $scripts, ); } /** * Finds the first occurrence of a specific block in an array of blocks. * * @since 6.3.0 * * @param array $blocks Array of blocks. * @param string $block_name Name of the block to find. * @return array Found block, or empty array if none found. */ function wp_get_first_block( $blocks, $block_name ) { foreach ( $blocks as $block ) { if ( $block_name === $block['blockName'] ) { return $block; } if ( ! empty( $block['innerBlocks'] ) ) { $found_block = wp_get_first_block( $block['innerBlocks'], $block_name ); if ( ! empty( $found_block ) ) { return $found_block; } } } return array(); } /** * Retrieves Post Content block attributes from the current post template. * * @since 6.3.0 * @since 6.4.0 Return null if there is no post content block. * @access private * * @global int $post_ID * * @return array|null Post Content block attributes array or null if Post Content block doesn't exist. */ function wp_get_post_content_block_attributes() { global $post_ID; $is_block_theme = wp_is_block_theme(); if ( ! $is_block_theme || ! $post_ID ) { return null; } $template_slug = get_page_template_slug( $post_ID ); if ( ! $template_slug ) { $post_slug = 'singular'; $page_slug = 'singular'; $template_types = get_block_templates(); foreach ( $template_types as $template_type ) { if ( 'page' === $template_type->slug ) { $page_slug = 'page'; } if ( 'single' === $template_type->slug ) { $post_slug = 'single'; } } $what_post_type = get_post_type( $post_ID ); switch ( $what_post_type ) { case 'page': $template_slug = $page_slug; break; default: $template_slug = $post_slug; break; } } $current_template = get_block_templates( array( 'slug__in' => array( $template_slug ) ) ); if ( ! empty( $current_template ) ) { $template_blocks = parse_blocks( $current_template[0]->content ); $post_content_block = wp_get_first_block( $template_blocks, 'core/post-content' ); if ( isset( $post_content_block['attrs'] ) ) { return $post_content_block['attrs']; } } return null; } /** * Returns the contextualized block editor settings for a selected editor context. * * @since 5.8.0 * * @param array $custom_settings Custom settings to use with the given editor type. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return array The contextualized block editor settings. */ function get_block_editor_settings( array $custom_settings, $block_editor_context ) { $editor_settings = array_merge( get_default_block_editor_settings(), array( 'allowedBlockTypes' => get_allowed_block_types( $block_editor_context ), 'blockCategories' => get_block_categories( $block_editor_context ), ), $custom_settings ); $editor_settings['__experimentalBlockBindingsSupportedAttributes'] = array(); foreach ( array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() ) as $block_type ) { $supported_block_attributes = get_block_bindings_supported_attributes( $block_type ); if ( ! empty( $supported_block_attributes ) ) { $editor_settings['__experimentalBlockBindingsSupportedAttributes'][ $block_type ] = $supported_block_attributes; } } $global_styles = array(); $presets = array( array( 'css' => 'variables', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), array( 'css' => 'presets', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), ); foreach ( $presets as $preset_style ) { $actual_css = wp_get_global_stylesheet( array( $preset_style['css'] ) ); if ( '' !== $actual_css ) { $preset_style['css'] = $actual_css; $global_styles[] = $preset_style; } } if ( wp_theme_has_theme_json() ) { $block_classes = array( 'css' => 'styles', '__unstableType' => 'theme', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } /* * Add the custom CSS as a separate stylesheet so any invalid CSS * entered by users does not break other global styles. */ $global_styles[] = array( 'css' => wp_get_global_stylesheet( array( 'custom-css' ) ), '__unstableType' => 'user', 'isGlobalStyles' => true, ); } else { // If there is no `theme.json` file, ensure base layout styles are still available. $block_classes = array( 'css' => 'base-layout-styles', '__unstableType' => 'base-layout', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } } $editor_settings['styles'] = array_merge( $global_styles, get_block_editor_theme_styles() ); $editor_settings['__experimentalFeatures'] = wp_get_global_settings(); // These settings may need to be updated based on data coming from theme.json sources. if ( isset( $editor_settings['__experimentalFeatures']['color']['palette'] ) ) { $colors_by_origin = $editor_settings['__experimentalFeatures']['color']['palette']; $editor_settings['colors'] = isset( $colors_by_origin['custom'] ) ? $colors_by_origin['custom'] : ( isset( $colors_by_origin['theme'] ) ? $colors_by_origin['theme'] : $colors_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['gradients'] ) ) { $gradients_by_origin = $editor_settings['__experimentalFeatures']['color']['gradients']; $editor_settings['gradients'] = isset( $gradients_by_origin['custom'] ) ? $gradients_by_origin['custom'] : ( isset( $gradients_by_origin['theme'] ) ? $gradients_by_origin['theme'] : $gradients_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['fontSizes'] ) ) { $font_sizes_by_origin = $editor_settings['__experimentalFeatures']['typography']['fontSizes']; $editor_settings['fontSizes'] = isset( $font_sizes_by_origin['custom'] ) ? $font_sizes_by_origin['custom'] : ( isset( $font_sizes_by_origin['theme'] ) ? $font_sizes_by_origin['theme'] : $font_sizes_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['custom'] ) ) { $editor_settings['disableCustomColors'] = ! $editor_settings['__experimentalFeatures']['color']['custom']; unset( $editor_settings['__experimentalFeatures']['color']['custom'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ) ) { $editor_settings['disableCustomGradients'] = ! $editor_settings['__experimentalFeatures']['color']['customGradient']; unset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ) ) { $editor_settings['disableCustomFontSizes'] = ! $editor_settings['__experimentalFeatures']['typography']['customFontSize']; unset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ) ) { $editor_settings['enableCustomLineHeight'] = $editor_settings['__experimentalFeatures']['typography']['lineHeight']; unset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['units'] ) ) { $editor_settings['enableCustomUnits'] = $editor_settings['__experimentalFeatures']['spacing']['units']; unset( $editor_settings['__experimentalFeatures']['spacing']['units'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ) ) { $editor_settings['enableCustomSpacing'] = $editor_settings['__experimentalFeatures']['spacing']['padding']; unset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ) ) { $editor_settings['disableCustomSpacingSizes'] = ! $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize']; unset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['spacingSizes'] ) ) { $spacing_sizes_by_origin = $editor_settings['__experimentalFeatures']['spacing']['spacingSizes']; $editor_settings['spacingSizes'] = isset( $spacing_sizes_by_origin['custom'] ) ? $spacing_sizes_by_origin['custom'] : ( isset( $spacing_sizes_by_origin['theme'] ) ? $spacing_sizes_by_origin['theme'] : $spacing_sizes_by_origin['default'] ); } $editor_settings['__unstableResolvedAssets'] = _wp_get_iframed_editor_assets(); $editor_settings['__unstableIsBlockBasedTheme'] = wp_is_block_theme(); $editor_settings['localAutosaveInterval'] = 15; $editor_settings['disableLayoutStyles'] = current_theme_supports( 'disable-layout-styles' ); $editor_settings['__experimentalDiscussionSettings'] = array( 'commentOrder' => get_option( 'comment_order' ), 'commentsPerPage' => get_option( 'comments_per_page' ), 'defaultCommentsPage' => get_option( 'default_comments_page' ), 'pageComments' => get_option( 'page_comments' ), 'threadComments' => get_option( 'thread_comments' ), 'threadCommentsDepth' => get_option( 'thread_comments_depth' ), 'defaultCommentStatus' => get_option( 'default_comment_status' ), 'avatarURL' => get_avatar_url( '', array( 'size' => 96, 'force_default' => true, 'default' => get_option( 'avatar_default' ), ) ), ); $post_content_block_attributes = wp_get_post_content_block_attributes(); if ( isset( $post_content_block_attributes ) ) { $editor_settings['postContentAttributes'] = $post_content_block_attributes; } $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context ); /** * Filters the settings to pass to the block editor for all editor type. * * @since 5.8.0 * * @param array $editor_settings Default editor settings. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $editor_settings = apply_filters( 'block_editor_settings_all', $editor_settings, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the settings to pass to the block editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_settings_all'} filter instead. * * @param array $editor_settings Default editor settings. * @param WP_Post $post Post being edited. */ $editor_settings = apply_filters_deprecated( 'block_editor_settings', array( $editor_settings, $post ), '5.8.0', 'block_editor_settings_all' ); } return $editor_settings; } /** * Preloads common data used with the block editor by specifying an array of * REST API paths that will be preloaded for a given block editor context. * * @since 5.8.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param (string|string[])[] $preload_paths List of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ function block_editor_rest_api_preload( array $preload_paths, $block_editor_context ) { global $post, $wp_scripts, $wp_styles; /** * Filters the array of REST API paths that will be used to preloaded common data for the block editor. * * @since 5.8.0 * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $preload_paths = apply_filters( 'block_editor_rest_api_preload_paths', $preload_paths, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $selected_post = $block_editor_context->post; /** * Filters the array of paths that will be preloaded. * * Preload common data by specifying an array of REST API paths that will be preloaded. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_rest_api_preload_paths'} filter instead. * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Post $selected_post Post being edited. */ $preload_paths = apply_filters_deprecated( 'block_editor_preload_paths', array( $preload_paths, $selected_post ), '5.8.0', 'block_editor_rest_api_preload_paths' ); } if ( empty( $preload_paths ) ) { return; } /* * Ensure the global $post, $wp_scripts, and $wp_styles remain the same after * API data is preloaded. * Because API preloading can call the_content and other filters, plugins * can unexpectedly modify the global $post or enqueue assets which are not * intended for the block editor. */ $backup_global_post = ! empty( $post ) ? clone $post : $post; $backup_wp_scripts = ! empty( $wp_scripts ) ? clone $wp_scripts : $wp_scripts; $backup_wp_styles = ! empty( $wp_styles ) ? clone $wp_styles : $wp_styles; foreach ( $preload_paths as &$path ) { if ( is_string( $path ) && ! str_starts_with( $path, '/' ) ) { $path = '/' . $path; continue; } if ( is_array( $path ) && is_string( $path[0] ) && ! str_starts_with( $path[0], '/' ) ) { $path[0] = '/' . $path[0]; } } unset( $path ); $preload_data = array_reduce( $preload_paths, 'rest_preload_api_request', array() ); // Restore the global $post, $wp_scripts, and $wp_styles as they were before API preloading. $post = $backup_global_post; $wp_scripts = $backup_wp_scripts; $wp_styles = $backup_wp_styles; wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Creates an array of theme styles to load into the block editor. * * @since 5.8.0 * * @global array $editor_styles * * @return array An array of theme styles for the block editor. */ function get_block_editor_theme_styles() { global $editor_styles; $styles = array(); if ( $editor_styles && current_theme_supports( 'editor-styles' ) ) { foreach ( $editor_styles as $style ) { if ( preg_match( '~^(https?:)?//~', $style ) ) { $response = wp_remote_get( $style ); if ( ! is_wp_error( $response ) ) { $styles[] = array( 'css' => wp_remote_retrieve_body( $response ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } else { $file = get_theme_file_path( $style ); if ( is_file( $file ) ) { $styles[] = array( 'css' => file_get_contents( $file ), 'baseURL' => get_theme_file_uri( $style ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } } } return $styles; } /** * Returns the classic theme supports settings for block editor. * * @since 6.2.0 * @since 6.6.0 Add support for 'editor-spacing-sizes' theme support. * * @return array The classic theme supports settings. */ function get_classic_theme_supports_block_editor_settings() { $theme_settings = array( 'disableCustomColors' => get_theme_support( 'disable-custom-colors' ), 'disableCustomFontSizes' => get_theme_support( 'disable-custom-font-sizes' ), 'disableCustomGradients' => get_theme_support( 'disable-custom-gradients' ), 'disableLayoutStyles' => get_theme_support( 'disable-layout-styles' ), 'enableCustomLineHeight' => get_theme_support( 'custom-line-height' ), 'enableCustomSpacing' => get_theme_support( 'custom-spacing' ), 'enableCustomUnits' => get_theme_support( 'custom-units' ), ); // Theme settings. $color_palette = current( (array) get_theme_support( 'editor-color-palette' ) ); if ( false !== $color_palette ) { $theme_settings['colors'] = $color_palette; } $font_sizes = current( (array) get_theme_support( 'editor-font-sizes' ) ); if ( false !== $font_sizes ) { $theme_settings['fontSizes'] = $font_sizes; } $gradient_presets = current( (array) get_theme_support( 'editor-gradient-presets' ) ); if ( false !== $gradient_presets ) { $theme_settings['gradients'] = $gradient_presets; } $spacing_sizes = current( (array) get_theme_support( 'editor-spacing-sizes' ) ); if ( false !== $spacing_sizes ) { $theme_settings['spacingSizes'] = $spacing_sizes; } return $theme_settings; } /** * Initialize site preview. * * This function sets IFRAME_REQUEST to true if the site preview parameter is set. * * @since 6.8.0 */ function wp_initialize_site_preview_hooks() { if ( ! defined( 'IFRAME_REQUEST' ) && isset( $_GET['wp_site_preview'] ) && 1 === (int) $_GET['wp_site_preview'] && current_user_can( 'edit_theme_options' ) ) { define( 'IFRAME_REQUEST', true ); } } HTTP/https-migration-20260606190910-20260607235056.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606132425-20260607201638.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605070331-20260606183605.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606074258-20260608042916.php 0000666 00000013341 15226703613 0014155 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605165559.php 0000666 00000013341 15226703613 0012566 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605043510-20260608042721.php 0000666 00000011205 15226703613 0014141 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605100844-20260610173148.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605102734.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606015754-20260606205336.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605182443.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-feed-cache-20260605044308.php 0000666 00000001711 15226703613 0013125 0 ustar 00 <?php /** * Feed API: WP_Feed_Cache class * * @package WordPress * @subpackage Feed * @since 4.7.0 * @deprecated 5.6.0 */ _deprecated_file( basename( __FILE__ ), '5.6.0', '', __( 'This file is only loaded for backward compatibility with SimplePie 1.2.x. Please consider switching to a recent SimplePie version.' ) ); /** * Core class used to implement a feed cache. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Feed_Cache extends SimplePie\Cache { /** * Creates a new SimplePie\Cache object. * * @since 2.8.0 * * @param string $location URL location (scheme is used to determine handler). * @param string $filename Unique identifier for cache object. * @param string $extension 'spi' or 'spc'. * @return WP_Feed_Cache_Transient Feed cache handler object that uses transients. */ public function create( $location, $filename, $extension ) { return new WP_Feed_Cache_Transient( $location, $filename, $extension ); } } HTTP/https-detection-20260607154209-20260609000148.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-customize-setting-20260605042319.php 0000666 00000072412 15226703613 0014664 0 ustar 00 <?php /** * WordPress Customize Setting classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Setting class. * * Handles saving and sanitizing of settings. * * @since 3.4.0 * * @see WP_Customize_Manager * @link https://developer.wordpress.org/themes/customize-api */ #[AllowDynamicProperties] class WP_Customize_Setting { /** * Customizer bootstrap instance. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Unique string identifier for the setting. * * @since 3.4.0 * @var string */ public $id; /** * Type of customize settings. * * @since 3.4.0 * @var string */ public $type = 'theme_mod'; /** * Capability required to edit this setting. * * @since 3.4.0 * @var string|array */ public $capability = 'edit_theme_options'; /** * Theme features required to support the setting. * * @since 3.4.0 * @var string|string[] */ public $theme_supports = ''; /** * The default value for the setting. * * @since 3.4.0 * @var string */ public $default = ''; /** * Options for rendering the live preview of changes in Customizer. * * Set this value to 'postMessage' to enable a custom JavaScript handler to render changes to this setting * as opposed to reloading the whole page. * * @since 3.4.0 * @var string */ public $transport = 'refresh'; /** * Server-side validation callback for the setting's value. * * @since 4.6.0 * @var callable */ public $validate_callback = ''; /** * Callback to filter a Customize setting value in un-slashed form. * * @since 3.4.0 * @var callable */ public $sanitize_callback = ''; /** * Callback to convert a Customize PHP setting value to a value that is JSON serializable. * * @since 3.4.0 * @var callable */ public $sanitize_js_callback = ''; /** * Whether or not the setting is initially dirty when created. * * This is used to ensure that a setting will be sent from the pane to the * preview when loading the Customizer. Normally a setting only is synced to * the preview if it has been changed. This allows the setting to be sent * from the start. * * @since 4.2.0 * @var bool */ public $dirty = false; /** * ID Data. * * @since 3.4.0 * @var array */ protected $id_data = array(); /** * Whether or not preview() was called. * * @since 4.4.0 * @var bool */ protected $is_previewed = false; /** * Cache of multidimensional values to improve performance. * * @since 4.4.0 * @var array */ protected static $aggregated_multidimensionals = array(); /** * Whether the multidimensional setting is aggregated. * * @since 4.4.0 * @var bool */ protected $is_multidimensional_aggregated = false; /** * Constructor. * * Any supplied $args override class property defaults. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id A specific ID of the setting. * Can be a theme mod or option name. * @param array $args { * Optional. Array of properties for the new Setting object. Default empty array. * * @type string $type Type of the setting. Default 'theme_mod'. * @type string $capability Capability required for the setting. Default 'edit_theme_options' * @type string|string[] $theme_supports Theme features required to support the panel. Default is none. * @type string $default Default value for the setting. Default is empty string. * @type string $transport Options for rendering the live preview of changes in Customizer. * Using 'refresh' makes the change visible by reloading the whole preview. * Using 'postMessage' allows a custom JavaScript to handle live changes. * Default is 'refresh'. * @type callable $validate_callback Server-side validation callback for the setting's value. * @type callable $sanitize_callback Callback to filter a Customize setting value in un-slashed form. * @type callable $sanitize_js_callback Callback to convert a Customize PHP setting value to a value that is * JSON serializable. * @type bool $dirty Whether or not the setting is initially dirty when created. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; // Parse the ID for array keys. $this->id_data['keys'] = preg_split( '/\[/', str_replace( ']', '', $this->id ) ); $this->id_data['base'] = array_shift( $this->id_data['keys'] ); // Rebuild the ID. $this->id = $this->id_data['base']; if ( ! empty( $this->id_data['keys'] ) ) { $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']'; } if ( $this->validate_callback ) { add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 ); } if ( $this->sanitize_callback ) { add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2 ); } if ( $this->sanitize_js_callback ) { add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 ); } if ( 'option' === $this->type || 'theme_mod' === $this->type ) { // Other setting types can opt-in to aggregate multidimensional explicitly. $this->aggregate_multidimensional(); // Allow option settings to indicate whether they should be autoloaded. if ( 'option' === $this->type && isset( $args['autoload'] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] = $args['autoload']; } } } /** * Get parsed ID data for multidimensional setting. * * @since 4.4.0 * * @return array { * ID data for multidimensional setting. * * @type string $base ID base * @type array $keys Keys for multidimensional array. * } */ final public function id_data() { return $this->id_data; } /** * Set up the setting for aggregated multidimensional values. * * When a multidimensional setting gets aggregated, all of its preview and update * calls get combined into one call, greatly improving performance. * * @since 4.4.0 */ protected function aggregate_multidimensional() { $id_base = $this->id_data['base']; if ( ! isset( self::$aggregated_multidimensionals[ $this->type ] ) ) { self::$aggregated_multidimensionals[ $this->type ] = array(); } if ( ! isset( self::$aggregated_multidimensionals[ $this->type ][ $id_base ] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $id_base ] = array( 'previewed_instances' => array(), // Calling preview() will add the $setting to the array. 'preview_applied_instances' => array(), // Flags for which settings have had their values applied. 'root_value' => $this->get_root_value( array() ), // Root value for initial state, manipulated by preview and update calls. ); } if ( ! empty( $this->id_data['keys'] ) ) { // Note the preview-applied flag is cleared at priority 9 to ensure it is cleared before a deferred-preview runs. add_action( "customize_post_value_set_{$this->id}", array( $this, '_clear_aggregated_multidimensional_preview_applied_flag' ), 9 ); $this->is_multidimensional_aggregated = true; } } /** * Reset `$aggregated_multidimensionals` static variable. * * This is intended only for use by unit tests. * * @since 4.5.0 * @ignore */ public static function reset_aggregated_multidimensionals() { self::$aggregated_multidimensionals = array(); } /** * The ID for the current site when the preview() method was called. * * @since 4.2.0 * @var int */ protected $_previewed_blog_id; /** * Return true if the current site is not the same as the previewed site. * * @since 4.2.0 * * @return bool If preview() has been called. */ public function is_current_blog_previewed() { if ( ! isset( $this->_previewed_blog_id ) ) { return false; } return ( get_current_blog_id() === $this->_previewed_blog_id ); } /** * Original non-previewed value stored by the preview method. * * @see WP_Customize_Setting::preview() * @since 4.1.1 * @var mixed */ protected $_original_value; /** * Add filters to supply the setting's value when accessed. * * If the setting already has a pre-existing value and there is no incoming * post value for the setting, then this method will short-circuit since * there is no change to preview. * * @since 3.4.0 * @since 4.4.0 Added boolean return value. * * @return bool False when preview short-circuits due no change needing to be previewed. */ public function preview() { if ( ! isset( $this->_previewed_blog_id ) ) { $this->_previewed_blog_id = get_current_blog_id(); } // Prevent re-previewing an already-previewed setting. if ( $this->is_previewed ) { return true; } $id_base = $this->id_data['base']; $is_multidimensional = ! empty( $this->id_data['keys'] ); $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); /* * Check if the setting has a pre-existing value (an isset check), * and if doesn't have any incoming post value. If both checks are true, * then the preview short-circuits because there is nothing that needs * to be previewed. */ $undefined = new stdClass(); $needs_preview = ( $undefined !== $this->post_value( $undefined ) ); $value = null; // Since no post value was defined, check if we have an initial value set. if ( ! $needs_preview ) { if ( $this->is_multidimensional_aggregated ) { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root, $this->id_data['keys'], $undefined ); } else { $default = $this->default; $this->default = $undefined; // Temporarily set default to undefined so we can detect if existing value is set. $value = $this->value(); $this->default = $default; } $needs_preview = ( $undefined === $value ); // Because the default needs to be supplied. } // If the setting does not need previewing now, defer to when it has a value to preview. if ( ! $needs_preview ) { if ( ! has_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ) ) { add_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ); } return false; } switch ( $this->type ) { case 'theme_mod': if ( ! $is_multidimensional ) { add_filter( "theme_mod_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add this filter once for this ID base. add_filter( "theme_mod_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; case 'option': if ( ! $is_multidimensional ) { add_filter( "pre_option_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add these filters once for this ID base. add_filter( "option_{$id_base}", $multidimensional_filter ); add_filter( "default_option_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; default: /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->id}", $this ); /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the setting type. * * @since 4.1.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->type}", $this ); } $this->is_previewed = true; return true; } /** * Clear out the previewed-applied flag for a multidimensional-aggregated value whenever its post value is updated. * * This ensures that the new value will get sanitized and used the next time * that `WP_Customize_Setting::_multidimensional_preview_filter()` * is called for this setting. * * @since 4.4.0 * * @see WP_Customize_Manager::set_post_value() * @see WP_Customize_Setting::_multidimensional_preview_filter() */ final public function _clear_aggregated_multidimensional_preview_applied_flag() { unset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['preview_applied_instances'][ $this->id ] ); } /** * Callback function to filter non-multidimensional theme mods and options. * * If switch_to_blog() was called after the preview() method, and the current * site is now not the same site, then this method does a no-op and returns * the original value. * * @since 3.4.0 * * @param mixed $original Old value. * @return mixed New or old value. */ public function _preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $undefined = new stdClass(); // Symbol hack. $post_value = $this->post_value( $undefined ); if ( $undefined !== $post_value ) { $value = $post_value; } else { /* * Note that we don't use $original here because preview() will * not add the filter in the first place if it has an initial value * and there is no post value. */ $value = $this->default; } return $value; } /** * Callback function to filter multidimensional theme mods and options. * * For all multidimensional settings of a given type, the preview filter for * the first setting previewed will be used to apply the values for the others. * * @since 4.4.0 * * @see WP_Customize_Setting::$aggregated_multidimensionals * @param mixed $original Original root value. * @return mixed New or old value. */ final public function _multidimensional_preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $id_base = $this->id_data['base']; // If no settings have been previewed yet (which should not be the case, since $this is), just pass through the original value. if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { return $original; } foreach ( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] as $previewed_setting ) { // Skip applying previewed value for any settings that have already been applied. if ( ! empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] ) ) { continue; } // Do the replacements of the posted/default sub value into the root value. $value = $previewed_setting->post_value( $previewed_setting->default ); $root = self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value']; $root = $previewed_setting->multidimensional_replace( $root, $previewed_setting->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value'] = $root; // Mark this setting having been applied so that it will be skipped when the filter is called again. self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] = true; } return self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; } /** * Checks user capabilities and theme supports, and then saves * the value of the setting. * * @since 3.4.0 * * @return void|false Void on success, false if cap check fails * or value isn't set or is invalid. */ final public function save() { $value = $this->post_value(); if ( ! $this->check_capabilities() || ! isset( $value ) ) { return false; } $id_base = $this->id_data['base']; /** * Fires when the WP_Customize_Setting::save() method is called. * * The dynamic portion of the hook name, `$id_base` refers to * the base slug of the setting name. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_save_{$id_base}", $this ); $this->update( $value ); } /** * Fetch and sanitize the $_POST value for the setting. * * During a save request prior to save, post_value() provides the new value while value() does not. * * @since 3.4.0 * * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The default value on failure, otherwise the sanitized and validated value. */ final public function post_value( $default_value = null ) { return $this->manager->post_value( $this, $default_value ); } /** * Sanitize an input. * * @since 3.4.0 * * @param string|array $value The value to sanitize. * @return string|array|null|WP_Error Sanitized value, or `null`/`WP_Error` if invalid. */ public function sanitize( $value ) { /** * Filters a Customize setting value in un-slashed form. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } /** * Validates an input. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * * @param mixed $value Value to validate. * @return true|WP_Error True if the input was validated, otherwise WP_Error. */ public function validate( $value ) { if ( is_wp_error( $value ) ) { return $value; } if ( is_null( $value ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validity = new WP_Error(); /** * Validates a Customize setting value. * * Plugins should amend the `$validity` object via its `WP_Error::add()` method. * * The dynamic portion of the hook name, `$this->ID`, refers to the setting ID. * * @since 4.6.0 * * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $validity = apply_filters( "customize_validate_{$this->id}", $validity, $value, $this ); if ( is_wp_error( $validity ) && ! $validity->has_errors() ) { $validity = true; } return $validity; } /** * Get the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $default_value Value to return if root does not exist. * @return mixed */ protected function get_root_value( $default_value = null ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { return get_option( $id_base, $default_value ); } elseif ( 'theme_mod' === $this->type ) { return get_theme_mod( $id_base, $default_value ); } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return $default_value; } } /** * Set the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $value Value to set as root of multidimensional setting. * @return bool Whether the multidimensional root was updated successfully. */ protected function set_root_value( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { $autoload = true; if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; } return update_option( $id_base, $value, $autoload ); } elseif ( 'theme_mod' === $this->type ) { set_theme_mod( $id_base, $value ); return true; } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return false; } } /** * Save the value of the setting, using the related API. * * @since 3.4.0 * * @param mixed $value The value to update. * @return bool The result of saving the value. */ protected function update( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type || 'theme_mod' === $this->type ) { if ( ! $this->is_multidimensional_aggregated ) { return $this->set_root_value( $value ); } else { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $root = $this->multidimensional_replace( $root, $this->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value'] = $root; return $this->set_root_value( $root ); } } else { /** * Fires when the WP_Customize_Setting::update() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the type of setting. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_update_{$this->type}", $value, $this ); return has_action( "customize_update_{$this->type}" ); } } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_theme_mod() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_option() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Fetch the value of the setting. * * @since 3.4.0 * * @return mixed The value. */ public function value() { $id_base = $this->id_data['base']; $is_core_type = ( 'option' === $this->type || 'theme_mod' === $this->type ); if ( ! $is_core_type && ! $this->is_multidimensional_aggregated ) { // Use post value if previewed and a post value is present. if ( $this->is_previewed ) { $value = $this->post_value( null ); if ( null !== $value ) { return $value; } } $value = $this->get_root_value( $this->default ); /** * Filters a Customize setting value not handled as a theme_mod or option. * * The dynamic portion of the hook name, `$id_base`, refers to * the base slug of the setting name, initialized from `$this->id_data['base']`. * * For settings handled as theme_mods or options, see those corresponding * functions for available hooks. * * @since 3.4.0 * @since 4.6.0 Added the `$this` setting instance as the second parameter. * * @param mixed $default_value The setting default value. Default empty. * @param WP_Customize_Setting $setting The setting instance. */ $value = apply_filters( "customize_value_{$id_base}", $value, $this ); } elseif ( $this->is_multidimensional_aggregated ) { $root_value = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root_value, $this->id_data['keys'], $this->default ); // Ensure that the post value is used if the setting is previewed, since preview filters aren't applying on cached $root_value. if ( $this->is_previewed ) { $value = $this->post_value( $value ); } } else { $value = $this->get_root_value( $this->default ); } return $value; } /** * Sanitize the setting's value for use in JavaScript. * * @since 3.4.0 * * @return mixed The requested escaped value. */ public function js_value() { /** * Filters a Customize setting value for use in JavaScript. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param mixed $value The setting value. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $value = apply_filters( "customize_sanitize_js_{$this->id}", $this->value(), $this ); if ( is_string( $value ) ) { return html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } return $value; } /** * Retrieves the data to export to the client via JSON. * * @since 4.6.0 * * @return array Array of parameters passed to JavaScript. */ public function json() { return array( 'value' => $this->js_value(), 'transport' => $this->transport, 'dirty' => $this->dirty, 'type' => $this->type, ); } /** * Validate user capabilities whether the theme supports the setting. * * @since 3.4.0 * * @return bool False if theme doesn't support the setting or user can't change setting, otherwise true. */ final public function check_capabilities() { if ( $this->capability && ! current_user_can( $this->capability ) ) { return false; } if ( $this->theme_supports && ! current_theme_supports( ...(array) $this->theme_supports ) ) { return false; } return true; } /** * Multidimensional helper function. * * @since 3.4.0 * * @param array $root * @param array $keys * @param bool $create Default false. * @return array|void Keys are 'root', 'node', and 'key'. */ final protected function multidimensional( &$root, $keys, $create = false ) { if ( $create && empty( $root ) ) { $root = array(); } if ( ! isset( $root ) || empty( $keys ) ) { return; } $last = array_pop( $keys ); $node = &$root; foreach ( $keys as $key ) { if ( $create && ! isset( $node[ $key ] ) ) { $node[ $key ] = array(); } if ( ! is_array( $node ) || ! isset( $node[ $key ] ) ) { return; } $node = &$node[ $key ]; } if ( $create ) { if ( ! is_array( $node ) ) { // Account for an array overriding a string or object value. $node = array(); } if ( ! isset( $node[ $last ] ) ) { $node[ $last ] = array(); } } if ( ! isset( $node[ $last ] ) ) { return; } return array( 'root' => &$root, 'node' => &$node, 'key' => $last, ); } /** * Will attempt to replace a specific value in a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $value The value to update. * @return mixed */ final protected function multidimensional_replace( $root, $keys, $value ) { if ( ! isset( $value ) ) { return $root; } elseif ( empty( $keys ) ) { // If there are no keys, we're replacing the root. return $value; } $result = $this->multidimensional( $root, $keys, true ); if ( isset( $result ) ) { $result['node'][ $result['key'] ] = $value; } return $root; } /** * Will attempt to fetch a specific value from a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The requested value or the default value. */ final protected function multidimensional_get( $root, $keys, $default_value = null ) { if ( empty( $keys ) ) { // If there are no keys, test the root. return isset( $root ) ? $root : $default_value; } $result = $this->multidimensional( $root, $keys ); return isset( $result ) ? $result['node'][ $result['key'] ] : $default_value; } /** * Will attempt to check if a specific value in a multidimensional array is set. * * @since 3.4.0 * * @param array $root * @param array $keys * @return bool True if value is set, false if not. */ final protected function multidimensional_isset( $root, $keys ) { $result = $this->multidimensional_get( $root, $keys ); return isset( $result ); } } /** * WP_Customize_Filter_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; /** * WP_Customize_Header_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; /** * WP_Customize_Background_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; /** * WP_Customize_Nav_Menu_Item_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; /** * WP_Customize_Nav_Menu_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; HTTP/https-migration-20260605163309.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606092626.php 0000666 00000011205 15226703613 0012571 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-modules-20260608001324.php 0000666 00000023267 15226703613 0012410 0 ustar 00 <?php /** * Script Modules API: Script Module functions * * @since 6.5.0 * * @package WordPress * @subpackage Script Modules */ /** * Retrieves the main WP_Script_Modules instance. * * This function provides access to the WP_Script_Modules instance, creating one * if it doesn't exist yet. * * @since 6.5.0 * * @global WP_Script_Modules $wp_script_modules * * @return WP_Script_Modules The main WP_Script_Modules instance. */ function wp_script_modules(): WP_Script_Modules { global $wp_script_modules; if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) { $wp_script_modules = new WP_Script_Modules(); } return $wp_script_modules; } /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->register( $id, $src, $deps, $version, $args ); } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->enqueue( $id, $src, $deps, $version, $args ); } /** * Unmarks the script module so it is no longer enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_dequeue_script_module( string $id ) { wp_script_modules()->dequeue( $id ); } /** * Deregisters the script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_deregister_script_module( string $id ) { wp_script_modules()->deregister( $id ); } /** * Registers all the default WordPress Script Modules. * * @since 6.7.0 */ function wp_default_script_modules() { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity-router/index.min.js' => … */ $assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php"; foreach ( $assets as $file_name => $script_module_data ) { /* * Build the WordPress Script Module ID from the file name. * Prepend `@wordpress/` and remove extensions and `/index` if present: * - interactivity/index.min.js => @wordpress/interactivity * - interactivity/debug.min.js => @wordpress/interactivity/debug * - block-library/query/view.js => @wordpress/block-library/query/view */ $script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 ); switch ( $script_module_id ) { /* * Interactivity exposes two entrypoints, "/index" and "/debug". * "/debug" should replace "/index" in development. */ case '@wordpress/interactivity/debug': if ( ! SCRIPT_DEBUG ) { continue 2; } $script_module_id = '@wordpress/interactivity'; break; case '@wordpress/interactivity': if ( SCRIPT_DEBUG ) { continue 2; } break; } /* * The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules * should be loaded with low fetchpriority and printed in the footer since they should not be needed in the * critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import * dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>. * However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low' * since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will * be bumped to match the fetchpriority of the dependent script. */ $args = array(); if ( str_starts_with( $script_module_id, '@wordpress/interactivity' ) || str_starts_with( $script_module_id, '@wordpress/block-library' ) || '@wordpress/a11y' === $script_module_id ) { $args['fetchpriority'] = 'low'; $args['in_footer'] = true; } // Marks all Core blocks as compatible with client-side navigation. if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) { wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id ); } $path = includes_url( "js/dist/script-modules/{$file_name}" ); wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args ); } } HTTP/https-detection-20260606132425-20260614193438.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605183537-20260606143814.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/script-loader-react-refresh-runtime.min-20260614201537.php 0000666 00000000124 15226703613 0017171 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/ClientException-20260605031318.php 0000666 00000000515 15226703613 0012525 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-detection-20260605022810-20260606103839.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Exception-20260605074808.php 0000666 00000000543 15226703613 0011402 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use Exception as NativeException; /** * General SimplePie exception class */ class Exception extends NativeException { } class_alias('SimplePie\Exception', 'SimplePie_Exception'); HTTP/https-migration-20260605100700-20260606111146.php 0000666 00000011205 15226703613 0014130 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605182443-20260609162858.php 0000666 00000011205 15226703613 0014171 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605171925-20260606152322.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605032501-20260609174001.php 0000666 00000011205 15226703613 0014135 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606074218-20260609173651.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606060413.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr7Response-20260605050252.php 0000666 00000004201 15226703613 0011774 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use Psr\Http\Message\ResponseInterface; /** * HTTP Response based on a PSR-7 response * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class Psr7Response implements Response { /** * @var ResponseInterface */ private $response; /** * @var string */ private $permanent_url; /** * @var string */ private $requested_url; public function __construct(ResponseInterface $response, string $permanent_url, string $requested_url) { $this->response = $response; $this->permanent_url = $permanent_url; $this->requested_url = $requested_url; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return $this->response->getStatusCode(); } public function get_headers(): array { // The filtering is probably redundant but let’s make PHPStan happy. return array_filter($this->response->getHeaders(), function (array $header): bool { return count($header) >= 1; }); } public function has_header(string $name): bool { return $this->response->hasHeader($name); } public function with_header(string $name, $value) { return new self($this->response->withHeader($name, $value), $this->permanent_url, $this->requested_url); } public function get_header(string $name): array { return $this->response->getHeader($name); } public function get_header_line(string $name): string { return $this->response->getHeaderLine($name); } public function get_body_content(): string { return $this->response->getBody()->__toString(); } } HTTP/https-detection-20260605145451-20260607163943.php 0000666 00000013341 15226703613 0014151 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605111237-20260614124009.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605034026-20260610102122.php 0000666 00000013341 15226703613 0014114 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605170805-20260609094825.php 0000666 00000013341 15226703613 0014156 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606102911-20260607135252.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605183356-20260607215525.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605101013.php 0000666 00000011205 15226703613 0012545 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605195113.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606002819.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260608120112.php 0000666 00000011205 15226703613 0012551 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170227-20260608204849.php 0000666 00000011205 15226703613 0014162 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-encoding-20260606190009.php 0000666 00000015041 15226703613 0013726 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/Client-20260605074638.php 0000666 00000001137 15226703613 0010663 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/class-wp-http-encoding.php 0000666 00000015041 15226703613 0012340 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/https-migration-20260605102726.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074205.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605170226-20260610183228.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605211544-20260609041805.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605144206.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605171920-20260606214746.php 0000666 00000013341 15226703613 0014146 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606114312-20260609031216.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074205-20260607183928.php 0000666 00000011205 15226703613 0014165 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170228-20260608080214.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605224023.php 0000666 00000011205 15226703613 0012554 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605101142.php 0000666 00000011205 15226703613 0012550 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-theme-json-20260605045931.php 0000666 00000500773 15226703613 0013251 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/https-migration-20260605234702-20260610080153.php 0000666 00000011205 15226703613 0014140 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605100844-20260609154236.php 0000666 00000013341 15226703613 0014143 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605141018-20260607135247.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/shortcode-20260607134835.php 0000666 00000001337 15226703613 0011437 0 ustar 00 <?php /** * Server-side rendering of the `core/shortcode` block. * * @package WordPress */ /** * Performs wpautop() on the shortcode block content. * * @since 5.0.0 * * @param array $attributes The block attributes. * @param string $content The block content. * * @return string Returns the block content. */ function render_block_core_shortcode( $attributes, $content ) { return wpautop( $content ); } /** * Registers the `core/shortcode` block on server. * * @since 5.0.0 */ function register_block_core_shortcode() { register_block_type_from_metadata( __DIR__ . '/shortcode', array( 'render_callback' => 'render_block_core_shortcode', ) ); } add_action( 'init', 'register_block_core_shortcode' ); HTTP/https-detection-20260605174155-20260607083320.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606051844.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606031331-20260606085547.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606030927.php 0000666 00000013341 15226703613 0012555 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605165327-20260609163239.php 0000666 00000013341 15226703613 0014155 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605221843-20260610200949.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605133803-20260610183248.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605160218.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605172057-20260606005115.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606042711-20260608183329.php 0000666 00000013341 15226703613 0014146 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/FileClient-20260605064006.php 0000666 00000004333 15226703613 0011450 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use SimplePie\File; use SimplePie\Misc; use SimplePie\Registry; use Throwable; /** * HTTP Client based on \SimplePie\File * * @internal */ final class FileClient implements Client { /** @var Registry */ private $registry; /** @var array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} */ private $options; /** * @param array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} $options */ public function __construct(Registry $registry, array $options = []) { $this->registry = $registry; $this->options = $options; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { // @phpstan-ignore-next-line Enforce PHPDoc type. if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } try { $file = $this->registry->create(File::class, [ $url, $this->options['timeout'] ?? 10, $this->options['redirects'] ?? 5, $headers, $this->options['useragent'] ?? Misc::get_default_useragent(), $this->options['force_fsockopen'] ?? false, $this->options['curl_options'] ?? [] ]); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($file->error !== null && $file->get_status_code() === 0) { throw new ClientException($file->error); } return $file; } } HTTP/https-migration-20260605091014.php 0000666 00000011205 15226703613 0012556 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606112432-20260606164009.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605171920-20260608092727.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605133534.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606132727.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605164205-20260609103818.php 0000666 00000013341 15226703613 0014144 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606032426-20260608012814.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605221159.php 0000666 00000013341 15226703613 0012553 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605170751.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606030951.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606153059-20260609003801.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-cookie-20260605074648.php 0000666 00000016335 15226703613 0013431 0 ustar 00 <?php /** * HTTP API: WP_Http_Cookie class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to encapsulate a single cookie object for internal use. * * Returned cookies are represented using this class, and when cookies are set, if they are not * already a WP_Http_Cookie() object, then they are turned into one. * * @todo The WordPress convention is to use underscores instead of camelCase for function and method * names. Need to switch to use underscores instead for the methods. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Cookie { /** * Cookie name. * * @since 2.8.0 * * @var string */ public $name; /** * Cookie value. * * @since 2.8.0 * * @var string */ public $value; /** * When the cookie expires. Unix timestamp or formatted date. * * @since 2.8.0 * * @var string|int|null */ public $expires; /** * Cookie URL path. * * @since 2.8.0 * * @var string */ public $path; /** * Cookie Domain. * * @since 2.8.0 * * @var string */ public $domain; /** * Cookie port or comma-separated list of ports. * * @since 2.8.0 * * @var int|string */ public $port; /** * host-only flag. * * @since 5.2.0 * * @var bool */ public $host_only; /** * Sets up this cookie object. * * The parameter $data should be either an associative array containing the indices names below * or a header string detailing it. * * @since 2.8.0 * @since 5.2.0 Added `host_only` to the `$data` parameter. * * @param string|array $data { * Raw cookie data as header string or data array. * * @type string $name Cookie name. * @type mixed $value Value. Should NOT already be urlencoded. * @type string|int|null $expires Optional. Unix timestamp or formatted date. Default null. * @type string $path Optional. Path. Default '/'. * @type string $domain Optional. Domain. Default host of parsed $requested_url. * @type int|string $port Optional. Port or comma-separated list of ports. Default null. * @type bool $host_only Optional. host-only storage flag. Default true. * } * @param string $requested_url The URL which the cookie was set on, used for default $domain * and $port values. */ public function __construct( $data, $requested_url = '' ) { if ( $requested_url ) { $parsed_url = parse_url( $requested_url ); } if ( isset( $parsed_url['host'] ) ) { $this->domain = $parsed_url['host']; } $this->path = isset( $parsed_url['path'] ) ? $parsed_url['path'] : '/'; if ( ! str_ends_with( $this->path, '/' ) ) { $this->path = dirname( $this->path ) . '/'; } if ( is_string( $data ) ) { // Assume it's a header string direct from a previous request. $pairs = explode( ';', $data ); // Special handling for first pair; name=value. Also be careful of "=" in value. $name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) ); $value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 ); $this->name = $name; $this->value = urldecode( $value ); // Removes name=value from items. array_shift( $pairs ); // Set everything else as a property. foreach ( $pairs as $pair ) { $pair = rtrim( $pair ); // Handle the cookie ending in ; which results in an empty final pair. if ( empty( $pair ) ) { continue; } list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' ); $key = strtolower( trim( $key ) ); if ( 'expires' === $key ) { $val = strtotime( $val ); } $this->$key = $val; } } else { if ( ! isset( $data['name'] ) ) { return; } // Set properties based directly on parameters. foreach ( array( 'name', 'value', 'path', 'domain', 'port', 'host_only' ) as $field ) { if ( isset( $data[ $field ] ) ) { $this->$field = $data[ $field ]; } } if ( isset( $data['expires'] ) ) { $this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] ); } else { $this->expires = null; } } } /** * Confirms that it's OK to send this cookie to the URL checked against. * * Decision is based on RFC 2109/2965, so look there for details on validity. * * @since 2.8.0 * * @param string $url URL you intend to send this cookie to * @return bool true if allowed, false otherwise. */ public function test( $url ) { if ( is_null( $this->name ) ) { return false; } // Expires - if expired then nothing else matters. if ( isset( $this->expires ) && time() > $this->expires ) { return false; } // Get details on the URL we're thinking about sending to. $url = parse_url( $url ); $url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' === $url['scheme'] ? 443 : 80 ); $url['path'] = isset( $url['path'] ) ? $url['path'] : '/'; // Values to use for comparison against the URL. $path = isset( $this->path ) ? $this->path : '/'; $port = isset( $this->port ) ? $this->port : null; $domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] ); if ( false === stripos( $domain, '.' ) ) { $domain .= '.local'; } // Host - very basic check that the request URL ends with the domain restriction (minus leading dot). $domain = ( str_starts_with( $domain, '.' ) ) ? substr( $domain, 1 ) : $domain; if ( ! str_ends_with( $url['host'], $domain ) ) { return false; } // Port - supports "port-lists" in the format: "80,8000,8080". if ( ! empty( $port ) && ! in_array( $url['port'], array_map( 'intval', explode( ',', $port ) ), true ) ) { return false; } // Path - request path must start with path restriction. if ( ! str_starts_with( $url['path'], $path ) ) { return false; } return true; } /** * Convert cookie name and value back to header string. * * @since 2.8.0 * * @return string Header encoded cookie name and value. */ public function getHeaderValue() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! isset( $this->name ) || ! isset( $this->value ) ) { return ''; } /** * Filters the header-encoded cookie value. * * @since 3.4.0 * * @param string $value The cookie value. * @param string $name The cookie name. */ return $this->name . '=' . apply_filters( 'wp_http_cookie_value', $this->value, $this->name ); } /** * Retrieve cookie header for usage in the rest of the WordPress HTTP API. * * @since 2.8.0 * * @return string */ public function getFullHeader() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid return 'Cookie: ' . $this->getHeaderValue(); } /** * Retrieves cookie attributes. * * @since 4.6.0 * * @return array { * List of attributes. * * @type string|int|null $expires When the cookie expires. Unix timestamp or formatted date. * @type string $path Cookie URL path. * @type string $domain Cookie domain. * } */ public function get_attributes() { return array( 'expires' => $this->expires, 'path' => $this->path, 'domain' => $this->domain, ); } } HTTP/https-migration-20260605171925-20260615114706.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606110645-20260608113454.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606052425-20260615005514.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606102945-20260609013322.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-parser-20260605063910.php 0000666 00000026374 15226703613 0013561 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser * * Parses a document and constructs a list of parsed block objects * * @since 5.0.0 * @since 4.0.0 returns arrays not objects, all attributes are arrays */ class WP_Block_Parser { /** * Input document being parsed * * @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->" * * @since 5.0.0 * @var string */ public $document; /** * Tracks parsing progress through document * * @since 5.0.0 * @var int */ public $offset; /** * List of parsed blocks * * @since 5.0.0 * @var array[] */ public $output; /** * Stack of partially-parsed structures in memory during parse * * @since 5.0.0 * @var WP_Block_Parser_Frame[] */ public $stack; /** * Parses a document and returns a list of block structures * * When encountering an invalid parse will return a best-effort * parse. In contrast to the specification parser this does not * return an error on invalid inputs. * * @since 5.0.0 * * @param string $document Input document being parsed. * @return array[] */ public function parse( $document ) { $this->document = $document; $this->offset = 0; $this->output = array(); $this->stack = array(); while ( $this->proceed() ) { continue; } return $this->output; } /** * Processes the next token from the input document * and returns whether to proceed eating more tokens * * This is the "next step" function that essentially * takes a token as its input and decides what to do * with that token before descending deeper into a * nested block tree or continuing along the document * or breaking out of a level of nesting. * * @internal * @since 5.0.0 * @return bool */ public function proceed() { $next_token = $this->next_token(); list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token; $stack_depth = count( $this->stack ); // we may have some HTML soup before the next block. $leading_html_start = $start_offset > $this->offset ? $this->offset : null; switch ( $token_type ) { case 'no-more-tokens': // if not in a block then flush output. if ( 0 === $stack_depth ) { $this->add_freeform(); return false; } /* * Otherwise we have a problem * This is an error * * we have options * - treat it all as freeform text * - assume an implicit closer (easiest when not nesting) */ // for the easy case we'll assume an implicit closer. if ( 1 === $stack_depth ) { $this->add_block_from_stack(); return false; } /* * for the nested case where it's more difficult we'll * have to assume that multiple closers are missing * and so we'll collapse the whole stack piecewise */ while ( 0 < count( $this->stack ) ) { $this->add_block_from_stack(); } return false; case 'void-block': /* * easy case is if we stumbled upon a void block * in the top-level of the document */ if ( 0 === $stack_depth ) { if ( isset( $leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $leading_html_start, $start_offset - $leading_html_start ) ); } $this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ); $this->offset = $start_offset + $token_length; return true; } // otherwise we found an inner block. $this->add_inner_block( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length ); $this->offset = $start_offset + $token_length; return true; case 'block-opener': // track all newly-opened blocks on the stack. array_push( $this->stack, new WP_Block_Parser_Frame( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length, $start_offset + $token_length, $leading_html_start ) ); $this->offset = $start_offset + $token_length; return true; case 'block-closer': /* * if we're missing an opener we're in trouble * This is an error */ if ( 0 === $stack_depth ) { /* * we have options * - assume an implicit opener * - assume _this_ is the opener * - give up and close out the document */ $this->add_freeform(); return false; } // if we're not nesting then this is easy - close the block. if ( 1 === $stack_depth ) { $this->add_block_from_stack( $start_offset ); $this->offset = $start_offset + $token_length; return true; } /* * otherwise we're nested and we have to close out the current * block and add it as a new innerBlock to the parent */ $stack_top = array_pop( $this->stack ); $html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset ); $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; $stack_top->prev_offset = $start_offset + $token_length; $this->add_inner_block( $stack_top->block, $stack_top->token_start, $stack_top->token_length, $start_offset + $token_length ); $this->offset = $start_offset + $token_length; return true; default: // This is an error. $this->add_freeform(); return false; } } /** * Scans the document from where we last left off * and finds the next valid token to parse if it exists * * Returns the type of the find: kind of find, block information, attributes * * @internal * @since 5.0.0 * @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments * @return array */ public function next_token() { $matches = null; /* * aye the magic * we're using a single RegExp to tokenize the block comment delimiters * we're also using a trick here because the only difference between a * block opener and a block closer is the leading `/` before `wp:` (and * a closer has no attributes). we can trap them both and process the * match back in PHP to see which one it was. */ $has_match = preg_match( '/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s', $this->document, $matches, PREG_OFFSET_CAPTURE, $this->offset ); // if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE. if ( false === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } // we have no more tokens. if ( 0 === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } list( $match, $started_at ) = $matches[0]; $length = strlen( $match ); $is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1]; $is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1]; $namespace = $matches['namespace']; $namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/'; $name = $namespace . $matches['name'][0]; $has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1]; /* * Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays * are associative arrays. If we use `array()` we get a JSON `[]` */ $attrs = $has_attrs ? json_decode( $matches['attrs'][0], /* as-associative */ true ) : array(); /* * This state isn't allowed * This is an error */ if ( $is_closer && ( $is_void || $has_attrs ) ) { // we can ignore them since they don't hurt anything. } if ( $is_void ) { return array( 'void-block', $name, $attrs, $started_at, $length ); } if ( $is_closer ) { return array( 'block-closer', $name, null, $started_at, $length ); } return array( 'block-opener', $name, $attrs, $started_at, $length ); } /** * Returns a new block object for freeform HTML * * @internal * @since 5.0.0 * * @param string $inner_html HTML content of block. * @return WP_Block_Parser_Block freeform block object. */ public function freeform( $inner_html ) { return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) ); } /** * Pushes a length of text from the input document * to the output list as a freeform block. * * @internal * @since 5.0.0 * @param null $length how many bytes of document text to output. */ public function add_freeform( $length = null ) { $length = $length ? $length : strlen( $this->document ) - $this->offset; if ( 0 === $length ) { return; } $this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) ); } /** * Given a block structure from memory pushes * a new block to the output list. * * @internal * @since 5.0.0 * @param WP_Block_Parser_Block $block The block to add to the output. * @param int $token_start Byte offset into the document where the first token for the block starts. * @param int $token_length Byte length of entire block from start of opening token to end of closing token. * @param int|null $last_offset Last byte offset into document if continuing form earlier output. */ public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) { $parent = $this->stack[ count( $this->stack ) - 1 ]; $parent->block->innerBlocks[] = (array) $block; $html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset ); if ( ! empty( $html ) ) { $parent->block->innerHTML .= $html; $parent->block->innerContent[] = $html; } $parent->block->innerContent[] = null; $parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length; } /** * Pushes the top block from the parsing stack to the output list. * * @internal * @since 5.0.0 * @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML. */ public function add_block_from_stack( $end_offset = null ) { $stack_top = array_pop( $this->stack ); $prev_offset = $stack_top->prev_offset; $html = isset( $end_offset ) ? substr( $this->document, $prev_offset, $end_offset - $prev_offset ) : substr( $this->document, $prev_offset ); if ( ! empty( $html ) ) { $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; } if ( isset( $stack_top->leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $stack_top->leading_html_start, $stack_top->token_start - $stack_top->leading_html_start ) ); } $this->output[] = (array) $stack_top->block; } } /** * WP_Block_Parser_Block class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-block.php'; /** * WP_Block_Parser_Frame class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-frame.php'; HTTP/Psr18Client-20260605041922.php 0000666 00000010537 15226703613 0011513 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-detection-20260606042711.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260607053209-20260608231630.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606144057-20260610092204.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/widgets-20260605084146.php 0000666 00000212731 15226703613 0011112 0 ustar 00 <?php /** * Core Widgets API * * This API is used for creating dynamic sidebar without hardcoding functionality into * themes. * * Includes both internal WordPress routines and theme-use routines. * * This functionality was found in a plugin before the WordPress 2.2 release, which * included it in the core from that point on. * * @link https://wordpress.org/documentation/article/manage-wordpress-widgets/ * @link https://developer.wordpress.org/themes/functionality/widgets/ * * @package WordPress * @subpackage Widgets * @since 2.2.0 */ // // Global Variables. // /** @ignore */ global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; /** * Stores the sidebars, since many themes can have more than one. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. */ $wp_registered_sidebars = array(); /** * Stores the registered widgets. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. */ $wp_registered_widgets = array(); /** * Stores the registered widget controls (options). * * @since 2.2.0 * * @global array $wp_registered_widget_controls The registered widget controls. */ $wp_registered_widget_controls = array(); /** * Stores the registered widget updates. * * @since 2.8.0 * * @global array $wp_registered_widget_updates The registered widget updates. */ $wp_registered_widget_updates = array(); /** * Private * * @global array $_wp_sidebars_widgets */ $_wp_sidebars_widgets = array(); /** * Private * * @global array $_wp_deprecated_widgets_callbacks */ $GLOBALS['_wp_deprecated_widgets_callbacks'] = array( 'wp_widget_pages', 'wp_widget_pages_control', 'wp_widget_calendar', 'wp_widget_calendar_control', 'wp_widget_archives', 'wp_widget_archives_control', 'wp_widget_links', 'wp_widget_meta', 'wp_widget_meta_control', 'wp_widget_search', 'wp_widget_recent_entries', 'wp_widget_recent_entries_control', 'wp_widget_tag_cloud', 'wp_widget_tag_cloud_control', 'wp_widget_categories', 'wp_widget_categories_control', 'wp_widget_text', 'wp_widget_text_control', 'wp_widget_rss', 'wp_widget_rss_control', 'wp_widget_recent_comments', 'wp_widget_recent_comments_control', ); // // Template tags & API functions. // /** * Registers a widget. * * Registers a WP_Widget widget * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function register_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->register( $widget ); } /** * Unregisters a widget. * * Unregisters a WP_Widget widget. Useful for un-registering default widgets. * Run within a function hooked to the {@see 'widgets_init'} action. * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function unregister_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->unregister( $widget ); } /** * Creates multiple sidebars. * * If you wanted to quickly create multiple sidebars for a theme or internally. * This function will allow you to do so. If you don't pass the 'name' and/or * 'id' in `$args`, then they will be built for you. * * @since 2.2.0 * * @see register_sidebar() The second parameter is documented by register_sidebar() and is the same here. * * @global array $wp_registered_sidebars The new sidebars are stored in this array by sidebar ID. * * @param int $number Optional. Number of sidebars to create. Default 1. * @param array|string $args { * Optional. Array or string of arguments for building a sidebar. * * @type string $id The base string of the unique identifier for each sidebar. If provided, and multiple * sidebars are being defined, the ID will have "-2" appended, and so on. * Default 'sidebar-' followed by the number the sidebar creation is currently at. * @type string $name The name or title for the sidebars displayed in the admin dashboard. If registering * more than one sidebar, include '%d' in the string as a placeholder for the uniquely * assigned number for each sidebar. * Default 'Sidebar' for the first sidebar, otherwise 'Sidebar %d'. * } */ function register_sidebars( $number = 1, $args = array() ) { global $wp_registered_sidebars; $number = (int) $number; if ( is_string( $args ) ) { parse_str( $args, $args ); } for ( $i = 1; $i <= $number; $i++ ) { $_args = $args; if ( $number > 1 ) { if ( isset( $args['name'] ) ) { $_args['name'] = sprintf( $args['name'], $i ); } else { /* translators: %d: Sidebar number. */ $_args['name'] = sprintf( __( 'Sidebar %d' ), $i ); } } else { $_args['name'] = isset( $args['name'] ) ? $args['name'] : __( 'Sidebar' ); } /* * Custom specified ID's are suffixed if they exist already. * Automatically generated sidebar names need to be suffixed regardless starting at -0. */ if ( isset( $args['id'] ) ) { $_args['id'] = $args['id']; $n = 2; // Start at -2 for conflicting custom IDs. while ( is_registered_sidebar( $_args['id'] ) ) { $_args['id'] = $args['id'] . '-' . $n++; } } else { $n = count( $wp_registered_sidebars ); do { $_args['id'] = 'sidebar-' . ++$n; } while ( is_registered_sidebar( $_args['id'] ) ); } register_sidebar( $_args ); } } /** * Builds the definition for a single sidebar and returns the ID. * * Accepts either a string or an array and then parses that against a set * of default arguments for the new sidebar. WordPress will automatically * generate a sidebar ID and name based on the current number of registered * sidebars if those arguments are not included. * * When allowing for automatic generation of the name and ID parameters, keep * in mind that the incrementor for your sidebar can change over time depending * on what other plugins and themes are installed. * * If theme support for 'widgets' has not yet been added when this function is * called, it will be automatically enabled through the use of add_theme_support(). * * @since 2.2.0 * @since 5.6.0 Added the `before_sidebar` and `after_sidebar` arguments. * @since 5.9.0 Added the `show_in_rest` argument. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array|string $args { * Optional. Array or string of arguments for the sidebar being registered. * * @type string $name The name or title of the sidebar displayed in the Widgets * interface. Default 'Sidebar $instance'. * @type string $id The unique identifier by which the sidebar will be called. * Default 'sidebar-$instance'. * @type string $description Description of the sidebar, displayed in the Widgets interface. * Default empty string. * @type string $class Extra CSS class to assign to the sidebar in the Widgets interface. * Default empty. * @type string $before_widget HTML content to prepend to each widget's HTML output when assigned * to this sidebar. Receives the widget's ID attribute as `%1$s` * and class name as `%2$s`. Default is an opening list item element. * @type string $after_widget HTML content to append to each widget's HTML output when assigned * to this sidebar. Default is a closing list item element. * @type string $before_title HTML content to prepend to the sidebar title when displayed. * Default is an opening h2 element. * @type string $after_title HTML content to append to the sidebar title when displayed. * Default is a closing h2 element. * @type string $before_sidebar HTML content to prepend to the sidebar when displayed. * Receives the `$id` argument as `%1$s` and `$class` as `%2$s`. * Outputs after the {@see 'dynamic_sidebar_before'} action. * Default empty string. * @type string $after_sidebar HTML content to append to the sidebar when displayed. * Outputs before the {@see 'dynamic_sidebar_after'} action. * Default empty string. * @type bool $show_in_rest Whether to show this sidebar publicly in the REST API. * Defaults to only showing the sidebar to administrator users. * } * @return string Sidebar ID added to $wp_registered_sidebars global. */ function register_sidebar( $args = array() ) { global $wp_registered_sidebars; $i = count( $wp_registered_sidebars ) + 1; $id_is_empty = empty( $args['id'] ); $defaults = array( /* translators: %d: Sidebar number. */ 'name' => sprintf( __( 'Sidebar %d' ), $i ), 'id' => "sidebar-$i", 'description' => '', 'class' => '', 'before_widget' => '<li id="%1$s" class="widget %2$s">', 'after_widget' => "</li>\n", 'before_title' => '<h2 class="widgettitle">', 'after_title' => "</h2>\n", 'before_sidebar' => '', 'after_sidebar' => '', 'show_in_rest' => false, ); /** * Filters the sidebar default arguments. * * @since 5.3.0 * * @see register_sidebar() * * @param array $defaults The default sidebar arguments. */ $sidebar = wp_parse_args( $args, apply_filters( 'register_sidebar_defaults', $defaults ) ); if ( $id_is_empty ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: The 'id' argument, 2: Sidebar name, 3: Recommended 'id' value. */ __( 'No %1$s was set in the arguments array for the "%2$s" sidebar. Defaulting to "%3$s". Manually set the %1$s to "%3$s" to silence this notice and keep existing sidebar content.' ), '<code>id</code>', $sidebar['name'], $sidebar['id'] ), '4.2.0' ); } $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; add_theme_support( 'widgets' ); /** * Fires once a sidebar has been registered. * * @since 3.0.0 * * @param array $sidebar Parsed arguments for the registered sidebar. */ do_action( 'register_sidebar', $sidebar ); return $sidebar['id']; } /** * Removes a sidebar from the list. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. */ function unregister_sidebar( $sidebar_id ) { global $wp_registered_sidebars; unset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Checks if a sidebar is registered. * * @since 4.4.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. * @return bool True if the sidebar is registered, false otherwise. */ function is_registered_sidebar( $sidebar_id ) { global $wp_registered_sidebars; return isset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Registers an instance of a widget. * * The default widget option is 'classname' that can be overridden. * * The function can also be used to un-register widgets when `$output_callback` * parameter is an empty string. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * @since 5.8.0 Added show_instance_in_rest option. * * @global array $wp_registered_widgets Uses stored registered widgets. * @global array $wp_registered_widget_controls Stores the registered widget controls (options). * @global array $wp_registered_widget_updates The registered widget updates. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Widget ID. * @param string $name Widget display title. * @param callable $output_callback Run when widget is called. * @param array $options { * Optional. An array of supplementary widget options for the instance. * * @type string $classname Class name for the widget's HTML container. Default is a shortened * version of the output callback name. * @type string $description Widget description for display in the widget administration * panel and/or theme. * @type bool $show_instance_in_rest Whether to show the widget's instance settings in the REST API. * Only available for WP_Widget based widgets. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_sidebar_widget( $id, $name, $output_callback, $options = array(), ...$params ) { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); if ( empty( $output_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } $id_base = _get_widget_id_base( $id ); if ( in_array( $output_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $output_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } $defaults = array( 'classname' => $output_callback ); $options = wp_parse_args( $options, $defaults ); $widget = array( 'name' => $name, 'id' => $id, 'callback' => $output_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); if ( is_callable( $output_callback ) && ( ! isset( $wp_registered_widgets[ $id ] ) || did_action( 'widgets_init' ) ) ) { /** * Fires once for each registered widget. * * @since 3.0.0 * * @param array $widget An array of default widget arguments. */ do_action( 'wp_register_sidebar_widget', $widget ); $wp_registered_widgets[ $id ] = $widget; } } /** * Retrieves description for widget. * * When registering widgets, the options can also include 'description' that * describes the widget for display on the widget administration panel or * in the theme. * * @since 2.5.0 * * @global array $wp_registered_widgets The registered widgets. * * @param int|string $id Widget ID. * @return string|void Widget description, if available. */ function wp_widget_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_widgets; if ( isset( $wp_registered_widgets[ $id ]['description'] ) ) { return esc_html( $wp_registered_widgets[ $id ]['description'] ); } } /** * Retrieves description for a sidebar. * * When registering sidebars a 'description' parameter can be included that * describes the sidebar for display on the widget administration panel. * * @since 2.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id sidebar ID. * @return string|void Sidebar description, if available. */ function wp_sidebar_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_sidebars; if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) { return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' ); } } /** * Remove widget from sidebar. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_sidebar_widget( $id ) { /** * Fires just before a widget is removed from a sidebar. * * @since 3.0.0 * * @param int|string $id The widget ID. */ do_action( 'wp_unregister_sidebar_widget', $id ); wp_register_sidebar_widget( $id, '', '' ); wp_unregister_widget_control( $id ); } /** * Registers widget control callback for customizing options. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * @global array $wp_registered_widget_updates The registered widget updates. * @global array $wp_registered_widgets The registered widgets. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Sidebar ID. * @param string $name Sidebar display name. * @param callable $control_callback Run when sidebar is displayed. * @param array $options { * Optional. Array or string of control options. Default empty array. * * @type int $height Never used. Default 200. * @type int $width Width of the fully expanded control form (but try hard to use the default width). * Default 250. * @type int|string $id_base Required for multi-widgets, i.e widgets that allow multiple instances such as the * text widget. The widget ID will end up looking like `{$id_base}-{$unique_number}`. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_widget_control( $id, $name, $control_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls, $wp_registered_widget_updates, $wp_registered_widgets, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); $id_base = _get_widget_id_base( $id ); if ( empty( $control_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } if ( in_array( $control_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $control_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); // Height is never used. $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $control_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { return; } if ( isset( $widget['params'][0]['number'] ) ) { $widget['params'][0]['number'] = -1; } unset( $widget['width'], $widget['height'], $widget['name'], $widget['id'] ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the update callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_updates The registered widget updates. * * @param string $id_base The base ID of a widget created by extending WP_Widget. * @param callable $update_callback Update callback method for the widget. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_update_callback( $id_base, $update_callback, $options = array(), ...$params ) { global $wp_registered_widget_updates; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { if ( empty( $update_callback ) ) { unset( $wp_registered_widget_updates[ $id_base ] ); } return; } $widget = array( 'callback' => $update_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the form callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * * @param int|string $id Widget ID. * @param string $name Name attribute for the widget. * @param callable $form_callback Form callback. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_form_callback( $id, $name, $form_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls; $id = strtolower( $id ); if ( empty( $form_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $form_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; } /** * Removes control callback for widget. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_widget_control( $id ) { wp_register_widget_control( $id, '', '' ); } /** * Displays dynamic sidebar. * * By default this displays the default sidebar or 'sidebar-1'. If your theme specifies the 'id' or * 'name' parameter for its registered sidebars you can pass an ID or name as the $index parameter. * Otherwise, you can pass in a numerical index to display the sidebar at that index. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $wp_registered_widgets The registered widgets. * * @param int|string $index Optional. Index, name or ID of dynamic sidebar. Default 1. * @return bool True, if widget sidebar was found and called. False if not found or not called. */ function dynamic_sidebar( $index = 1 ) { global $wp_registered_sidebars, $wp_registered_widgets; if ( is_int( $index ) ) { $index = "sidebar-$index"; } else { $index = sanitize_title( $index ); foreach ( (array) $wp_registered_sidebars as $key => $value ) { if ( sanitize_title( $value['name'] ) === $index ) { $index = $key; break; } } } $sidebars_widgets = wp_get_sidebars_widgets(); if ( empty( $wp_registered_sidebars[ $index ] ) || empty( $sidebars_widgets[ $index ] ) || ! is_array( $sidebars_widgets[ $index ] ) ) { /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_before', $index, false ); /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_after', $index, false ); /** This filter is documented in wp-includes/widget.php */ return apply_filters( 'dynamic_sidebar_has_widgets', false, $index ); } $sidebar = $wp_registered_sidebars[ $index ]; $sidebar['before_sidebar'] = sprintf( $sidebar['before_sidebar'], $sidebar['id'], $sidebar['class'] ); /** * Fires before widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_before', $index, true ); if ( ! is_admin() && ! empty( $sidebar['before_sidebar'] ) ) { echo $sidebar['before_sidebar']; } $did_one = false; foreach ( (array) $sidebars_widgets[ $index ] as $id ) { if ( ! isset( $wp_registered_widgets[ $id ] ) ) { continue; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $id, 'widget_name' => $wp_registered_widgets[ $id ]['name'], ) ), ), (array) $wp_registered_widgets[ $id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], str_replace( '\\', '_', $id ), $classname_ ); /** * Filters the parameters passed to a widget's display callback. * * Note: The filter is evaluated on both the front end and back end, * including for the Inactive Widgets sidebar on the Widgets screen. * * @since 2.5.0 * * @see register_sidebar() * * @param array $params { * @type array $args { * An array of widget display arguments. * * @type string $name Name of the sidebar the widget is assigned to. * @type string $id ID of the sidebar the widget is assigned to. * @type string $description The sidebar description. * @type string $class CSS class applied to the sidebar container. * @type string $before_widget HTML markup to prepend to each widget in the sidebar. * @type string $after_widget HTML markup to append to each widget in the sidebar. * @type string $before_title HTML markup to prepend to the widget title when displayed. * @type string $after_title HTML markup to append to the widget title when displayed. * @type string $widget_id ID of the widget. * @type string $widget_name Name of the widget. * } * @type array $widget_args { * An array of multi-widget arguments. * * @type int $number Number increment used for multiples of the same widget. * } * } */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $id ]['callback']; /** * Fires before a widget's display callback is called. * * Note: The action fires on both the front end and back end, including * for widgets in the Inactive Widgets sidebar on the Widgets screen. * * The action is not fired for empty sidebars. * * @since 3.0.0 * * @param array $widget { * An associative array of widget arguments. * * @type string $name Name of the widget. * @type string $id Widget ID. * @type callable $callback When the hook is fired on the front end, `$callback` is an array * containing the widget object. Fired on the back end, `$callback` * is 'wp_widget_control', see `$_callback`. * @type array $params An associative array of multi-widget arguments. * @type string $classname CSS class applied to the widget container. * @type string $description The widget description. * @type array $_callback When the hook is fired on the back end, `$_callback` is populated * with an array containing the widget object, see `$callback`. * } */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); $did_one = true; } } if ( ! is_admin() && ! empty( $sidebar['after_sidebar'] ) ) { echo $sidebar['after_sidebar']; } /** * Fires after widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_after', $index, true ); /** * Filters whether a sidebar has widgets. * * Note: The filter is also evaluated for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param bool $did_one Whether at least one widget was rendered in the sidebar. * Default false. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'dynamic_sidebar_has_widgets', $did_one, $index ); } /** * Determines whether a given widget is displayed on the front end. * * Either $callback or $id_base can be used. * $id_base is the first argument when extending WP_Widget class. * Without the optional $widget_id parameter, returns the ID of the first sidebar * in which the first instance of the widget with the given callback or $id_base is found. * With the $widget_id parameter, returns the ID of the sidebar where * the widget with that callback/$id_base AND that ID is found. * * NOTE: $widget_id and $id_base are the same for single widgets. To be effective * this function has to run after widgets have initialized, at action {@see 'init'} or later. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * * @param callable|false $callback Optional. Widget callback to check. Default false. * @param string|false $widget_id Optional. Widget ID. Optional, but needed for checking. * Default false. * @param string|false $id_base Optional. The base ID of a widget created by extending WP_Widget. * Default false. * @param bool $skip_inactive Optional. Whether to check in 'wp_inactive_widgets'. * Default true. * @return string|false ID of the sidebar in which the widget is active, * false if the widget is not active. */ function is_active_widget( $callback = false, $widget_id = false, $id_base = false, $skip_inactive = true ) { global $wp_registered_widgets; $sidebars_widgets = wp_get_sidebars_widgets(); if ( is_array( $sidebars_widgets ) ) { foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( $skip_inactive && ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) ) { continue; } if ( is_array( $widgets ) ) { foreach ( $widgets as $widget ) { if ( ( $callback && isset( $wp_registered_widgets[ $widget ]['callback'] ) && $wp_registered_widgets[ $widget ]['callback'] === $callback ) || ( $id_base && _get_widget_id_base( $widget ) === $id_base ) ) { if ( ! $widget_id || $widget_id === $wp_registered_widgets[ $widget ]['id'] ) { return $sidebar; } } } } } } return false; } /** * Determines whether the dynamic sidebar is enabled and used by the theme. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @return bool True if using widgets, false otherwise. */ function is_dynamic_sidebar() { global $wp_registered_widgets, $wp_registered_sidebars; $sidebars_widgets = get_option( 'sidebars_widgets' ); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { if ( ! empty( $sidebars_widgets[ $index ] ) ) { foreach ( (array) $sidebars_widgets[ $index ] as $widget ) { if ( array_key_exists( $widget, $wp_registered_widgets ) ) { return true; } } } } return false; } /** * Determines whether a sidebar contains widgets. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * * @param string|int $index Sidebar name, id or number to check. * @return bool True if the sidebar has widgets, false otherwise. */ function is_active_sidebar( $index ) { $index = ( is_int( $index ) ) ? "sidebar-$index" : sanitize_title( $index ); $sidebars_widgets = wp_get_sidebars_widgets(); $is_active_sidebar = ! empty( $sidebars_widgets[ $index ] ); /** * Filters whether a dynamic sidebar is considered "active". * * @since 3.9.0 * * @param bool $is_active_sidebar Whether or not the sidebar should be considered "active". * In other words, whether the sidebar contains any widgets. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'is_active_sidebar', $is_active_sidebar, $index ); } // // Internal Functions. // /** * Retrieves the full list of sidebars and their widget instance IDs. * * Will upgrade sidebar widget list, if needed. Will also save updated list, if * needed. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @global array $sidebars_widgets * * @param bool $deprecated Not used (argument deprecated). * @return array Upgraded list of widgets to version 3 array format when called from the admin. */ function wp_get_sidebars_widgets( $deprecated = true ) { if ( true !== $deprecated ) { _deprecated_argument( __FUNCTION__, '2.8.1' ); } global $_wp_sidebars_widgets, $sidebars_widgets; /* * If loading from front page, consult $_wp_sidebars_widgets rather than options * to see if wp_convert_widget_settings() has made manipulations in memory. */ if ( ! is_admin() ) { if ( empty( $_wp_sidebars_widgets ) ) { $_wp_sidebars_widgets = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = $_wp_sidebars_widgets; } else { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); } if ( is_array( $sidebars_widgets ) && isset( $sidebars_widgets['array_version'] ) ) { unset( $sidebars_widgets['array_version'] ); } /** * Filters the list of sidebars and their widgets. * * @since 2.7.0 * * @param array $sidebars_widgets An associative array of sidebars and their widgets. */ return apply_filters( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves the registered sidebar with the given ID. * * @since 5.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id The sidebar ID. * @return array|null The discovered sidebar, or null if it is not registered. */ function wp_get_sidebar( $id ) { global $wp_registered_sidebars; foreach ( (array) $wp_registered_sidebars as $sidebar ) { if ( $sidebar['id'] === $id ) { return $sidebar; } } if ( 'wp_inactive_widgets' === $id ) { return array( 'id' => 'wp_inactive_widgets', 'name' => __( 'Inactive widgets' ), ); } return null; } /** * Sets the sidebar widget option to update sidebars. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @param array $sidebars_widgets Sidebar widgets and their settings. */ function wp_set_sidebars_widgets( $sidebars_widgets ) { global $_wp_sidebars_widgets; // Clear cached value used in wp_get_sidebars_widgets(). $_wp_sidebars_widgets = null; if ( ! isset( $sidebars_widgets['array_version'] ) ) { $sidebars_widgets['array_version'] = 3; } update_option( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves default registered sidebars list. * * @since 2.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. * * @return array */ function wp_get_widget_defaults() { global $wp_registered_sidebars; $defaults = array(); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { $defaults[ $index ] = array(); } return $defaults; } /** * Converts the widget settings from single to multi-widget format. * * @since 2.8.0 * * @global array $_wp_sidebars_widgets * * @param string $base_name Root ID for all widgets of this type. * @param string $option_name Option name for this widget type. * @param array $settings The array of widget instance settings. * @return array The array of widget settings converted to multi-widget format. */ function wp_convert_widget_settings( $base_name, $option_name, $settings ) { // This test may need expanding. $single = false; $changed = false; if ( empty( $settings ) ) { $single = true; } else { foreach ( array_keys( $settings ) as $number ) { if ( 'number' === $number ) { continue; } if ( ! is_numeric( $number ) ) { $single = true; break; } } } if ( $single ) { $settings = array( 2 => $settings ); // If loading from the front page, update sidebar in memory but don't save to options. if ( is_admin() ) { $sidebars_widgets = get_option( 'sidebars_widgets' ); } else { if ( empty( $GLOBALS['_wp_sidebars_widgets'] ) ) { $GLOBALS['_wp_sidebars_widgets'] = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = &$GLOBALS['_wp_sidebars_widgets']; } foreach ( (array) $sidebars_widgets as $index => $sidebar ) { if ( is_array( $sidebar ) ) { foreach ( $sidebar as $i => $name ) { if ( $base_name === $name ) { $sidebars_widgets[ $index ][ $i ] = "$name-2"; $changed = true; break 2; } } } } if ( is_admin() && $changed ) { update_option( 'sidebars_widgets', $sidebars_widgets ); } } $settings['_multiwidget'] = 1; if ( is_admin() ) { update_option( $option_name, $settings ); } return $settings; } /** * Outputs an arbitrary widget as a template tag. * * @since 2.8.0 * * @global WP_Widget_Factory $wp_widget_factory * * @param string $widget The widget's PHP class name (see class-wp-widget.php). * @param array $instance Optional. The widget's instance settings. Default empty array. * @param array $args { * Optional. Array of arguments to configure the display of the widget. * * @type string $before_widget HTML content that will be prepended to the widget's HTML output. * Default `<div class="widget %s">`, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default `</div>`. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `<h2 class="widgettitle">`. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `</h2>`. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; if ( ! isset( $wp_widget_factory->widgets[ $widget ] ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: register_widget() */ __( 'Widgets need to be registered using %s, before they can be displayed.' ), '<code>register_widget()</code>' ), '4.9.0' ); return; } $widget_obj = $wp_widget_factory->widgets[ $widget ]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '<div class="widget %s">', 'after_widget' => '</div>', 'before_title' => '<h2 class="widgettitle">', 'after_title' => '</h2>', ); $args = wp_parse_args( $args, $default_args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args( $instance ); /** This filter is documented in wp-includes/class-wp-widget.php */ $instance = apply_filters( 'widget_display_callback', $instance, $widget_obj, $args ); if ( false === $instance ) { return; } /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set( -1 ); $widget_obj->widget( $args, $instance ); } /** * Retrieves the widget ID base value. * * @since 2.8.0 * * @param string $id Widget ID. * @return string Widget ID base. */ function _get_widget_id_base( $id ) { return preg_replace( '/-[0-9]+$/', '', $id ); } /** * Handles sidebars config after theme change. * * @access private * @since 3.3.0 * * @global array $sidebars_widgets */ function _wp_sidebars_changed() { global $sidebars_widgets; if ( ! is_array( $sidebars_widgets ) ) { $sidebars_widgets = wp_get_sidebars_widgets(); } retrieve_widgets( true ); } /** * Validates and remaps any "orphaned" widgets to wp_inactive_widgets sidebar, * and saves the widget settings. This has to run at least on each theme change. * * For example, let's say theme A has a "footer" sidebar, and theme B doesn't have one. * After switching from theme A to theme B, all the widgets previously assigned * to the footer would be inaccessible. This function detects this scenario, and * moves all the widgets previously assigned to the footer under wp_inactive_widgets. * * Despite the word "retrieve" in the name, this function actually updates the database * and the global `$sidebars_widgets`. For that reason it should not be run on front end, * unless the `$theme_changed` value is 'customize' (to bypass the database write). * * @since 2.8.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $sidebars_widgets * @global array $wp_registered_widgets The registered widgets. * * @param string|bool $theme_changed Whether the theme was changed as a boolean. A value * of 'customize' defers updates for the Customizer. * @return array Updated sidebars widgets. */ function retrieve_widgets( $theme_changed = false ) { global $wp_registered_sidebars, $sidebars_widgets, $wp_registered_widgets; $registered_sidebars_keys = array_keys( $wp_registered_sidebars ); $registered_widgets_ids = array_keys( $wp_registered_widgets ); if ( ! is_array( get_theme_mod( 'sidebars_widgets' ) ) ) { if ( empty( $sidebars_widgets ) ) { return array(); } unset( $sidebars_widgets['array_version'] ); $sidebars_widgets_keys = array_keys( $sidebars_widgets ); sort( $sidebars_widgets_keys ); sort( $registered_sidebars_keys ); if ( $sidebars_widgets_keys === $registered_sidebars_keys ) { $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); return $sidebars_widgets; } } // Discard invalid, theme-specific widgets from sidebars. $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); $sidebars_widgets = wp_map_sidebars_widgets( $sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $sidebars_widgets[ $key ] = array(); } } // Find hidden/lost multi-widget instances. $shown_widgets = array_merge( ...array_values( $sidebars_widgets ) ); $lost_widgets = array_diff( $registered_widgets_ids, $shown_widgets ); foreach ( $lost_widgets as $key => $widget_id ) { $number = preg_replace( '/.+?-([0-9]+)$/', '$1', $widget_id ); // Only keep active and default widgets. if ( is_numeric( $number ) && (int) $number < 2 ) { unset( $lost_widgets[ $key ] ); } } $sidebars_widgets['wp_inactive_widgets'] = array_merge( $lost_widgets, (array) $sidebars_widgets['wp_inactive_widgets'] ); if ( 'customize' !== $theme_changed ) { // Update the widgets settings in the database. wp_set_sidebars_widgets( $sidebars_widgets ); } return $sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array $existing_sidebars_widgets List of sidebars and their widget instance IDs. * @return array Mapped sidebars widgets. */ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) { global $wp_registered_sidebars; $new_sidebars_widgets = array( 'wp_inactive_widgets' => array(), ); // Short-circuit if there are no sidebars to map. if ( ! is_array( $existing_sidebars_widgets ) || empty( $existing_sidebars_widgets ) ) { return $new_sidebars_widgets; } foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { if ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], (array) $widgets ); unset( $existing_sidebars_widgets[ $sidebar ] ); } } // If old and new theme have just one sidebar, map it and we're done. if ( 1 === count( $existing_sidebars_widgets ) && 1 === count( $wp_registered_sidebars ) ) { $new_sidebars_widgets[ key( $wp_registered_sidebars ) ] = array_pop( $existing_sidebars_widgets ); return $new_sidebars_widgets; } // Map locations with the same slug. $existing_sidebars = array_keys( $existing_sidebars_widgets ); foreach ( $wp_registered_sidebars as $sidebar => $name ) { if ( in_array( $sidebar, $existing_sidebars, true ) ) { $new_sidebars_widgets[ $sidebar ] = $existing_sidebars_widgets[ $sidebar ]; unset( $existing_sidebars_widgets[ $sidebar ] ); } elseif ( ! array_key_exists( $sidebar, $new_sidebars_widgets ) ) { $new_sidebars_widgets[ $sidebar ] = array(); } } // If there are more sidebars, try to map them. if ( ! empty( $existing_sidebars_widgets ) ) { /* * If old and new theme both have sidebars that contain phrases * from within the same group, make an educated guess and map it. */ $common_slug_groups = array( array( 'sidebar', 'primary', 'main', 'right' ), array( 'second', 'left' ), array( 'sidebar-2', 'footer', 'bottom' ), array( 'header', 'top' ), ); // Go through each group... foreach ( $common_slug_groups as $slug_group ) { // ...and see if any of these slugs... foreach ( $slug_group as $slug ) { // ...and any of the new sidebars... foreach ( $wp_registered_sidebars as $new_sidebar => $args ) { // ...actually match! if ( false === stripos( $new_sidebar, $slug ) && false === stripos( $slug, $new_sidebar ) ) { continue; } // Then see if any of the existing sidebars... foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { // ...and any slug in the same group... foreach ( $slug_group as $slug ) { // ... have a match as well. if ( false === stripos( $sidebar, $slug ) && false === stripos( $slug, $sidebar ) ) { continue; } // Make sure this sidebar wasn't mapped and removed previously. if ( ! empty( $existing_sidebars_widgets[ $sidebar ] ) ) { // We have a match that can be mapped! $new_sidebars_widgets[ $new_sidebar ] = array_merge( $new_sidebars_widgets[ $new_sidebar ], $existing_sidebars_widgets[ $sidebar ] ); // Remove the mapped sidebar so it can't be mapped again. unset( $existing_sidebars_widgets[ $sidebar ] ); // Go back and check the next new sidebar. continue 3; } } // End foreach ( $slug_group as $slug ). } // End foreach ( $existing_sidebars_widgets as $sidebar => $widgets ). } // End foreach ( $wp_registered_sidebars as $new_sidebar => $args ). } // End foreach ( $slug_group as $slug ). } // End foreach ( $common_slug_groups as $slug_group ). } // Move any left over widgets to inactive sidebar. foreach ( $existing_sidebars_widgets as $widgets ) { if ( is_array( $widgets ) && ! empty( $widgets ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], $widgets ); } } // Sidebars_widgets settings from when this theme was previously active. $old_sidebars_widgets = get_theme_mod( 'sidebars_widgets' ); $old_sidebars_widgets = isset( $old_sidebars_widgets['data'] ) ? $old_sidebars_widgets['data'] : false; if ( is_array( $old_sidebars_widgets ) ) { // Remove empty sidebars, no need to map those. $old_sidebars_widgets = array_filter( $old_sidebars_widgets ); // Only check sidebars that are empty or have not been mapped to yet. foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { if ( array_key_exists( $new_sidebar, $old_sidebars_widgets ) && ! empty( $new_widgets ) ) { unset( $old_sidebars_widgets[ $new_sidebar ] ); } } // Remove orphaned widgets, we're only interested in previously active sidebars. foreach ( $old_sidebars_widgets as $sidebar => $widgets ) { if ( str_starts_with( $sidebar, 'orphaned_widgets' ) ) { unset( $old_sidebars_widgets[ $sidebar ] ); } } $old_sidebars_widgets = _wp_remove_unregistered_widgets( $old_sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $new_sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $new_sidebars_widgets[ $key ] = array(); } } if ( ! empty( $old_sidebars_widgets ) ) { // Go through each remaining sidebar... foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ) { // ...and check every new sidebar... foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { // ...for every widget we're trying to revive. foreach ( $old_widgets as $key => $widget_id ) { $active_key = array_search( $widget_id, $new_widgets, true ); // If the widget is used elsewhere... if ( false !== $active_key ) { // ...and that elsewhere is inactive widgets... if ( 'wp_inactive_widgets' === $new_sidebar ) { // ...remove it from there and keep the active version... unset( $new_sidebars_widgets['wp_inactive_widgets'][ $active_key ] ); } else { // ...otherwise remove it from the old sidebar and keep it in the new one. unset( $old_sidebars_widgets[ $old_sidebar ][ $key ] ); } } // End if ( $active_key ). } // End foreach ( $old_widgets as $key => $widget_id ). } // End foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ). } // End foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ). } // End if ( ! empty( $old_sidebars_widgets ) ). // Restore widget settings from when theme was previously active. $new_sidebars_widgets = array_merge( $new_sidebars_widgets, $old_sidebars_widgets ); } return $new_sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * * @global array $wp_registered_widgets The registered widgets. * * @param array $sidebars_widgets List of sidebars and their widget instance IDs. * @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets. * @return array Sidebars with allowed widgets. */ function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) { if ( empty( $allowed_widget_ids ) ) { $allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] ); } foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( is_array( $widgets ) ) { $sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids ); } } return $sidebars_widgets; } /** * Displays the RSS entries in a list. * * @since 2.5.0 * * @param string|array|object $rss RSS url. * @param array $args Widget arguments. */ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_string( $rss ) ) { $rss = fetch_feed( $rss ); } elseif ( is_array( $rss ) && isset( $rss['url'] ) ) { $args = $rss; $rss = fetch_feed( $rss['url'] ); } elseif ( ! is_object( $rss ) ) { return; } if ( is_wp_error( $rss ) ) { if ( is_admin() || current_user_can( 'manage_options' ) ) { echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>'; } return; } $default_args = array( 'show_author' => 0, 'show_date' => 0, 'show_summary' => 0, 'items' => 0, ); $args = wp_parse_args( $args, $default_args ); $items = (int) $args['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $show_summary = (int) $args['show_summary']; $show_author = (int) $args['show_author']; $show_date = (int) $args['show_date']; if ( ! $rss->get_item_quantity() ) { echo '<ul><li>' . __( 'An error has occurred, which probably means the feed is down. Try again later.' ) . '</li></ul>'; $rss->__destruct(); unset( $rss ); return; } echo '<ul>'; foreach ( $rss->get_items( 0, $items ) as $item ) { $link = $item->get_link(); while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $link = esc_url( strip_tags( $link ) ); $title = esc_html( trim( strip_tags( $item->get_title() ) ) ); if ( empty( $title ) ) { $title = __( 'Untitled' ); } $desc = html_entity_decode( $item->get_description(), ENT_QUOTES, get_option( 'blog_charset' ) ); $desc = esc_attr( wp_trim_words( $desc, 55, ' […]' ) ); $summary = ''; if ( $show_summary ) { $summary = $desc; // Change existing [...] to […]. if ( str_ends_with( $summary, '[...]' ) ) { $summary = substr( $summary, 0, -5 ) . '[…]'; } $summary = '<div class="rssSummary">' . esc_html( $summary ) . '</div>'; } $date = ''; if ( $show_date ) { $date = $item->get_date( 'U' ); if ( $date ) { $date = ' <span class="rss-date">' . date_i18n( get_option( 'date_format' ), $date ) . '</span>'; } } $author = ''; if ( $show_author ) { $author = $item->get_author(); if ( is_object( $author ) ) { $author = $author->get_name(); $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>'; } } if ( '' === $link ) { echo "<li>$title{$date}{$summary}{$author}</li>"; } elseif ( $show_summary ) { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$summary}{$author}</li>"; } else { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$author}</li>"; } } echo '</ul>'; $rss->__destruct(); unset( $rss ); } /** * Displays RSS widget options form. * * The options for what fields are displayed for the RSS form are all booleans * and are as follows: 'url', 'title', 'items', 'show_summary', 'show_author', * 'show_date'. * * @since 2.5.0 * * @param array|string $args Values for input fields. * @param array $inputs Override default display options. */ function wp_widget_rss_form( $args, $inputs = null ) { $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true, ); $inputs = wp_parse_args( $inputs, $default_inputs ); $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; if ( $args['items'] < 1 || 20 < $args['items'] ) { $args['items'] = 10; } $args['show_summary'] = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary']; $args['show_author'] = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author']; $args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; if ( ! empty( $args['error'] ) ) { echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>'; } $esc_number = esc_attr( $args['number'] ); if ( $inputs['url'] ) : ?> <p><label for="rss-url-<?php echo $esc_number; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> <input class="widefat" id="rss-url-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> <?php endif; if ( $inputs['title'] ) : ?> <p><label for="rss-title-<?php echo $esc_number; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> <input class="widefat" id="rss-title-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> <?php endif; if ( $inputs['items'] ) : ?> <p><label for="rss-items-<?php echo $esc_number; ?>"><?php _e( 'How many items would you like to display?' ); ?></label> <select id="rss-items-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][items]"> <?php for ( $i = 1; $i <= 20; ++$i ) { echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; } ?> </select></p> <?php endif; if ( $inputs['show_summary'] || $inputs['show_author'] || $inputs['show_date'] ) : ?> <p> <?php if ( $inputs['show_summary'] ) : ?> <input id="rss-show-summary-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> <label for="rss-show-summary-<?php echo $esc_number; ?>"><?php _e( 'Display item content?' ); ?></label><br /> <?php endif; if ( $inputs['show_author'] ) : ?> <input id="rss-show-author-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> <label for="rss-show-author-<?php echo $esc_number; ?>"><?php _e( 'Display item author if available?' ); ?></label><br /> <?php endif; if ( $inputs['show_date'] ) : ?> <input id="rss-show-date-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?> /> <label for="rss-show-date-<?php echo $esc_number; ?>"><?php _e( 'Display item date?' ); ?></label><br /> <?php endif; ?> </p> <?php endif; // End of display options. foreach ( array_keys( $default_inputs ) as $input ) : if ( 'hidden' === $inputs[ $input ] ) : $id = str_replace( '_', '-', $input ); ?> <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> <?php endif; endforeach; } /** * Processes RSS feed widget data and optionally retrieve feed items. * * The feed widget can not have more than 20 items or it will reset back to the * default, which is 10. * * The resulting array has the feed title, feed url, feed link (from channel), * feed items, error (if any), and whether to show summary, author, and date. * All respectively in the order of the array elements. * * @since 2.5.0 * * @param array $widget_rss RSS widget feed data. Expects unescaped data. * @param bool $check_feed Optional. Whether to check feed for errors. Default true. * @return array */ function wp_widget_rss_process( $widget_rss, $check_feed = true ) { $items = (int) $widget_rss['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $url = sanitize_url( strip_tags( $widget_rss['url'] ) ); $title = isset( $widget_rss['title'] ) ? trim( strip_tags( $widget_rss['title'] ) ) : ''; $show_summary = isset( $widget_rss['show_summary'] ) ? (int) $widget_rss['show_summary'] : 0; $show_author = isset( $widget_rss['show_author'] ) ? (int) $widget_rss['show_author'] : 0; $show_date = isset( $widget_rss['show_date'] ) ? (int) $widget_rss['show_date'] : 0; $error = false; $link = ''; if ( $check_feed ) { $rss = fetch_feed( $url ); if ( is_wp_error( $rss ) ) { $error = $rss->get_error_message(); } else { $link = esc_url( strip_tags( $rss->get_permalink() ) ); while ( stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $rss->__destruct(); unset( $rss ); } } return compact( 'title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date' ); } /** * Registers all of the default WordPress widgets on startup. * * Calls {@see 'widgets_init'} action after all of the WordPress widgets have been registered. * * @since 2.2.0 */ function wp_widgets_init() { if ( ! is_blog_installed() ) { return; } register_widget( 'WP_Widget_Pages' ); register_widget( 'WP_Widget_Calendar' ); register_widget( 'WP_Widget_Archives' ); if ( get_option( 'link_manager_enabled' ) ) { register_widget( 'WP_Widget_Links' ); } register_widget( 'WP_Widget_Media_Audio' ); register_widget( 'WP_Widget_Media_Image' ); register_widget( 'WP_Widget_Media_Gallery' ); register_widget( 'WP_Widget_Media_Video' ); register_widget( 'WP_Widget_Meta' ); register_widget( 'WP_Widget_Search' ); register_widget( 'WP_Widget_Text' ); register_widget( 'WP_Widget_Categories' ); register_widget( 'WP_Widget_Recent_Posts' ); register_widget( 'WP_Widget_Recent_Comments' ); register_widget( 'WP_Widget_RSS' ); register_widget( 'WP_Widget_Tag_Cloud' ); register_widget( 'WP_Nav_Menu_Widget' ); register_widget( 'WP_Widget_Custom_HTML' ); register_widget( 'WP_Widget_Block' ); /** * Fires after all default WordPress widgets have been registered. * * @since 2.2.0 */ do_action( 'widgets_init' ); } /** * Enables the widgets block editor. This is hooked into 'after_setup_theme' so * that the block editor is enabled by default but can be disabled by themes. * * @since 5.8.0 * * @access private */ function wp_setup_widgets_block_editor() { add_theme_support( 'widgets-block-editor' ); } /** * Determines whether or not to use the block editor to manage widgets. * Defaults to true unless a theme has removed support for widgets-block-editor * or a plugin has filtered the return value of this function. * * @since 5.8.0 * * @return bool Whether to use the block editor to manage widgets. */ function wp_use_widgets_block_editor() { /** * Filters whether to use the block editor to manage widgets. * * @since 5.8.0 * * @param bool $use_widgets_block_editor Whether to use the block editor to manage widgets. */ return apply_filters( 'use_widgets_block_editor', get_theme_support( 'widgets-block-editor' ) ); } /** * Converts a widget ID into its id_base and number components. * * @since 5.8.0 * * @param string $id Widget ID. * @return array Array containing a widget's id_base and number components. */ function wp_parse_widget_id( $id ) { $parsed = array(); if ( preg_match( '/^(.+)-(\d+)$/', $id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $id; } return $parsed; } /** * Finds the sidebar that a given widget belongs to. * * @since 5.8.0 * * @param string $widget_id The widget ID to look for. * @return string|null The found sidebar's ID, or null if it was not found. */ function wp_find_widgets_sidebar( $widget_id ) { foreach ( wp_get_sidebars_widgets() as $sidebar_id => $widget_ids ) { foreach ( $widget_ids as $maybe_widget_id ) { if ( $maybe_widget_id === $widget_id ) { return (string) $sidebar_id; } } } return null; } /** * Assigns a widget to the given sidebar. * * @since 5.8.0 * * @param string $widget_id The widget ID to assign. * @param string $sidebar_id The sidebar ID to assign to. If empty, the widget won't be added to any sidebar. */ function wp_assign_widget_to_sidebar( $widget_id, $sidebar_id ) { $sidebars = wp_get_sidebars_widgets(); foreach ( $sidebars as $maybe_sidebar_id => $widgets ) { foreach ( $widgets as $i => $maybe_widget_id ) { if ( $widget_id === $maybe_widget_id && $sidebar_id !== $maybe_sidebar_id ) { unset( $sidebars[ $maybe_sidebar_id ][ $i ] ); // We could technically break 2 here, but continue looping in case the ID is duplicated. continue 2; } } } if ( $sidebar_id ) { $sidebars[ $sidebar_id ][] = $widget_id; } wp_set_sidebars_widgets( $sidebars ); } /** * Calls the render callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @param string $widget_id Widget ID. * @param string $sidebar_id Sidebar ID. * @return string */ function wp_render_widget( $widget_id, $sidebar_id ) { global $wp_registered_widgets, $wp_registered_sidebars; if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { return ''; } if ( isset( $wp_registered_sidebars[ $sidebar_id ] ) ) { $sidebar = $wp_registered_sidebars[ $sidebar_id ]; } elseif ( 'wp_inactive_widgets' === $sidebar_id ) { $sidebar = array(); } else { return ''; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $widget_id, 'widget_name' => $wp_registered_widgets[ $widget_id ]['name'], ) ), ), (array) $wp_registered_widgets[ $widget_id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $widget_id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], $widget_id, $classname_ ); /** This filter is documented in wp-includes/widgets.php */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $widget_id ]['callback']; ob_start(); /** This filter is documented in wp-includes/widgets.php */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $widget_id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Calls the control callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widget_controls The registered widget controls. * * @param string $id Widget ID. * @return string|null */ function wp_render_widget_control( $id ) { global $wp_registered_widget_controls; if ( ! isset( $wp_registered_widget_controls[ $id ]['callback'] ) ) { return null; } $callback = $wp_registered_widget_controls[ $id ]['callback']; $params = $wp_registered_widget_controls[ $id ]['params']; ob_start(); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Displays a _doing_it_wrong() message for conflicting widget editor scripts. * * The 'wp-editor' script module is exposed as window.wp.editor. This overrides * the legacy TinyMCE editor module which is required by the widgets editor. * Because of that conflict, these two shouldn't be enqueued together. * See https://core.trac.wordpress.org/ticket/53569. * * There is also another conflict related to styles where the block widgets * editor is hidden if a block enqueues 'wp-edit-post' stylesheet. * See https://core.trac.wordpress.org/ticket/53569. * * @since 5.8.0 * @access private * * @global WP_Scripts $wp_scripts * @global WP_Styles $wp_styles */ function wp_check_widget_editor_deps() { global $wp_scripts, $wp_styles; if ( $wp_scripts->query( 'wp-edit-widgets', 'enqueued' ) || $wp_scripts->query( 'wp-customize-widgets', 'enqueued' ) ) { if ( $wp_scripts->query( 'wp-editor', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_script()', sprintf( /* translators: 1: 'wp-editor', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" script should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-editor', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } if ( $wp_styles->query( 'wp-edit-post', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_style()', sprintf( /* translators: 1: 'wp-edit-post', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" style should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-edit-post', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } } } /** * Registers the previous theme's sidebars for the block themes. * * @since 6.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. */ function _wp_block_theme_register_classic_sidebars() { global $wp_registered_sidebars; if ( ! wp_is_block_theme() ) { return; } $classic_sidebars = get_theme_mod( 'wp_classic_sidebars' ); if ( empty( $classic_sidebars ) ) { return; } // Don't use `register_sidebar` since it will enable the `widgets` support for a theme. foreach ( $classic_sidebars as $sidebar ) { $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; } } HTTP/https-detection-20260605100735-20260607033916.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/script-loader-20260606091047.php 0000666 00000465210 15226703613 0012215 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/script-loader-react-refresh-runtime.min-20260605095626.php 0000666 00000000124 15226703613 0017203 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-migration-20260605111705-20260609163411.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Parser-20260605053430.php 0000666 00000035551 15226703613 0010673 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response Parser * @template Psr7Compatible of bool */ class Parser { /** * HTTP Version * * @var float */ public $http_version = 0.0; /** * Status code * * @var int */ public $status_code = 0; /** * Reason phrase * * @var string */ public $reason = ''; /** * @var Psr7Compatible whether headers are compatible with PSR-7 format. */ private $psr7Compatible; /** * Key/value pairs of the headers * * @var (Psr7Compatible is true ? array<string, non-empty-array<string>> : array<string, string>) */ public $headers = []; /** * Body of the response * * @var string */ public $body = ''; private const STATE_HTTP_VERSION = 'http_version'; private const STATE_STATUS = 'status'; private const STATE_REASON = 'reason'; private const STATE_NEW_LINE = 'new_line'; private const STATE_BODY = 'body'; private const STATE_NAME = 'name'; private const STATE_VALUE = 'value'; private const STATE_VALUE_CHAR = 'value_char'; private const STATE_QUOTE = 'quote'; private const STATE_QUOTE_ESCAPED = 'quote_escaped'; private const STATE_QUOTE_CHAR = 'quote_char'; private const STATE_CHUNKED = 'chunked'; private const STATE_EMIT = 'emit'; private const STATE_ERROR = false; /** * Current state of the state machine * * @var self::STATE_* */ protected $state = self::STATE_HTTP_VERSION; /** * Input data * * @var string */ protected $data = ''; /** * Input data length (to avoid calling strlen() everytime this is needed) * * @var int */ protected $data_length = 0; /** * Current position of the pointer * * @var int */ protected $position = 0; /** * Name of the header currently being parsed * * @var string */ protected $name = ''; /** * Value of the header currently being parsed * * @var string */ protected $value = ''; /** * Create an instance of the class with the input data * * @param string $data Input data * @param Psr7Compatible $psr7Compatible Whether the data types are in format compatible with PSR-7. */ public function __construct(string $data, bool $psr7Compatible = false) { $this->data = $data; $this->data_length = strlen($this->data); $this->psr7Compatible = $psr7Compatible; } /** * Parse the input data * * @return bool true on success, false on failure */ public function parse() { while ($this->state && $this->state !== self::STATE_EMIT && $this->has_data()) { $state = $this->state; $this->$state(); } $this->data = ''; if ($this->state === self::STATE_EMIT || $this->state === self::STATE_BODY) { return true; } // Reset the parser state. $this->http_version = 0.0; $this->status_code = 0; $this->reason = ''; $this->headers = []; $this->body = ''; return false; } /** * Check whether there is data beyond the pointer * * @return bool true if there is further data, false if not */ protected function has_data() { return (bool) ($this->position < $this->data_length); } /** * See if the next character is LWS * * @return bool true if the next character is LWS, false if not */ protected function is_linear_whitespace() { return (bool) ($this->data[$this->position] === "\x09" || $this->data[$this->position] === "\x20" || ($this->data[$this->position] === "\x0A" && isset($this->data[$this->position + 1]) && ($this->data[$this->position + 1] === "\x09" || $this->data[$this->position + 1] === "\x20"))); } /** * Parse the HTTP version * @return void */ protected function http_version() { if (strpos($this->data, "\x0A") !== false && strtoupper(substr($this->data, 0, 5)) === 'HTTP/') { $len = strspn($this->data, '0123456789.', 5); $http_version = substr($this->data, 5, $len); $this->position += 5 + $len; if (substr_count($http_version, '.') <= 1) { $this->http_version = (float) $http_version; $this->position += strspn($this->data, "\x09\x20", $this->position); $this->state = self::STATE_STATUS; } else { $this->state = self::STATE_ERROR; } } else { $this->state = self::STATE_ERROR; } } /** * Parse the status code * @return void */ protected function status() { if ($len = strspn($this->data, '0123456789', $this->position)) { $this->status_code = (int) substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_REASON; } else { $this->state = self::STATE_ERROR; } } /** * Parse the reason phrase * @return void */ protected function reason() { $len = strcspn($this->data, "\x0A", $this->position); $this->reason = trim(substr($this->data, $this->position, $len), "\x09\x0D\x20"); $this->position += $len + 1; $this->state = self::STATE_NEW_LINE; } private function add_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name][] = $value; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] .= ', ' . $value; } } private function replace_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name] = [$value]; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] = $value; } } /** * Deal with a new line, shifting data around as needed * @return void */ protected function new_line() { $this->value = trim($this->value, "\x0D\x20"); if ($this->name !== '' && $this->value !== '') { $this->name = strtolower($this->name); // We should only use the last Content-Type header. c.f. issue #1 if (isset($this->headers[$this->name]) && $this->name !== 'content-type') { $this->add_header($this->name, $this->value); } else { $this->replace_header($this->name, $this->value); } } $this->name = ''; $this->value = ''; if (substr($this->data[$this->position], 0, 2) === "\x0D\x0A") { $this->position += 2; $this->state = self::STATE_BODY; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; $this->state = self::STATE_BODY; } else { $this->state = self::STATE_NAME; } } /** * Parse a header name * @return void */ protected function name() { $len = strcspn($this->data, "\x0A:", $this->position); if (isset($this->data[$this->position + $len])) { if ($this->data[$this->position + $len] === "\x0A") { $this->position += $len; $this->state = self::STATE_NEW_LINE; } else { $this->name = substr($this->data, $this->position, $len); $this->position += $len + 1; $this->state = self::STATE_VALUE; } } else { $this->state = self::STATE_ERROR; } } /** * Parse LWS, replacing consecutive LWS characters with a single space * @return void */ protected function linear_whitespace() { do { if (substr($this->data, $this->position, 2) === "\x0D\x0A") { $this->position += 2; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; } $this->position += strspn($this->data, "\x09\x20", $this->position); } while ($this->has_data() && $this->is_linear_whitespace()); $this->value .= "\x20"; } /** * See what state to move to while within non-quoted header values * @return void */ protected function value() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': // Workaround for ETags: we have to include the quotes as // part of the tag. if (strtolower($this->name) === 'etag') { $this->value .= '"'; $this->position++; $this->state = self::STATE_VALUE_CHAR; break; } $this->position++; $this->state = self::STATE_QUOTE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; default: $this->state = self::STATE_VALUE_CHAR; break; } } } /** * Parse a header value while outside quotes * @return void */ protected function value_char() { $len = strcspn($this->data, "\x09\x20\x0A\"", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * See what state to move to while within quoted header values * @return void */ protected function quote() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': $this->position++; $this->state = self::STATE_VALUE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; case '\\': $this->position++; $this->state = self::STATE_QUOTE_ESCAPED; break; default: $this->state = self::STATE_QUOTE_CHAR; break; } } } /** * Parse a header value while within quotes * @return void */ protected function quote_char() { $len = strcspn($this->data, "\x09\x20\x0A\"\\", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * Parse an escaped character within quotes * @return void */ protected function quote_escaped() { $this->value .= $this->data[$this->position]; $this->position++; $this->state = self::STATE_QUOTE; } /** * Parse the body * @return void */ protected function body() { $this->body = substr($this->data, $this->position); if (!empty($this->headers['transfer-encoding'])) { unset($this->headers['transfer-encoding']); $this->state = self::STATE_CHUNKED; } else { $this->state = self::STATE_EMIT; } } /** * Parsed a "Transfer-Encoding: chunked" body * @return void */ protected function chunked() { if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($this->body))) { $this->state = self::STATE_EMIT; return; } $decoded = ''; $encoded = $this->body; while (true) { $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); if (!$is_chunked) { // Looks like it's not chunked after all $this->state = self::STATE_EMIT; return; } $length = hexdec(trim($matches[1])); // For PHPStan: this will only be float when larger than PHP_INT_MAX. // But even on 32-bit systems, it would mean 2GiB chunk, which sounds unlikely. \assert(\is_int($length), "Length needs to be shorter than PHP_INT_MAX"); if ($length === 0) { // Ignore trailer headers $this->state = self::STATE_EMIT; $this->body = $decoded; return; } $chunk_length = strlen($matches[0]); $decoded .= substr($encoded, $chunk_length, $length); $encoded = substr($encoded, $chunk_length + $length + 2); // BC for PHP < 8.0: substr() can return bool instead of string $encoded = ($encoded === false) ? '' : $encoded; if (trim($encoded) === '0' || empty($encoded)) { $this->state = self::STATE_EMIT; $this->body = $decoded; return; } } } /** * Prepare headers (take care of proxies headers) * * @param string $headers Raw headers * @param non-negative-int $count Redirection count. Default to 1. * * @return string */ public static function prepareHeaders(string $headers, int $count = 1) { $data = explode("\r\n\r\n", $headers, $count); $data = array_pop($data); if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } return $data; } } class_alias('SimplePie\HTTP\Parser', 'SimplePie_HTTP_Parser'); HTTP/https-migration-20260605171821.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-loader-react-refresh-runtime.php 0000666 00000000124 15226703613 0015023 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-migration-20260607022644-20260608100742.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606142425-20260607173647.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605110709-20260607181347.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/http-20260605063415.php 0000666 00000062426 15226703613 0010423 0 ustar 00 <?php /** * Core HTTP Request API * * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations. * * @package WordPress * @subpackage HTTP */ /** * Returns the initialized WP_Http Object * * @since 2.7.0 * @access private * * @return WP_Http HTTP Transport object. */ function _wp_http_get_object() { static $http = null; if ( is_null( $http ) ) { $http = new WP_Http(); } return $http; } /** * Retrieves the raw response from a safe HTTP request. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_request( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the GET method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_get( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the POST method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_post( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the HEAD method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_head( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Performs an HTTP request and returns its response. * * There are other API functions available which abstract away the HTTP method: * * - Default 'GET' for wp_remote_get() * - Default 'POST' for wp_remote_post() * - Default 'HEAD' for wp_remote_head() * * Important: If the URL is user-controlled, use `wp_safe_remote_request()` instead. * * @since 2.7.0 * * @see WP_Http::request() For information on default arguments. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response array or a WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_request( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Performs an HTTP request using the GET method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_get()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_get( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Performs an HTTP request using the POST method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_post()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_post( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Performs an HTTP request using the HEAD method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_head()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_head( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieves only the headers from the raw response. * * @since 2.7.0 * @since 4.6.0 Return value changed from an array to an WpOrg\Requests\Utility\CaseInsensitiveDictionary instance. * * @see \WpOrg\Requests\Utility\CaseInsensitiveDictionary * * @param array|WP_Error $response HTTP response. * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary|array The headers of the response, or empty array * if incorrect parameter given. */ function wp_remote_retrieve_headers( $response ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return array(); } return $response['headers']; } /** * Retrieves a single header by name from the raw response. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @param string $header Header name to retrieve value from. * @return array|string The header(s) value(s). Array if multiple headers with the same name are retrieved. * Empty string if incorrect parameter given, or if the header doesn't exist. */ function wp_remote_retrieve_header( $response, $header ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return ''; } if ( isset( $response['headers'][ $header ] ) ) { return $response['headers'][ $header ]; } return ''; } /** * Retrieves only the response code from the raw response. * * Will return an empty string if incorrect parameter value is given. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return int|string The response code as an integer. Empty string if incorrect parameter given. */ function wp_remote_retrieve_response_code( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['code']; } /** * Retrieves only the response message from the raw response. * * Will return an empty string if incorrect parameter value is given. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return string The response message. Empty string if incorrect parameter given. */ function wp_remote_retrieve_response_message( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['message']; } /** * Retrieves only the body from the raw response. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return string The body of the response. Empty string if no body or incorrect parameter given. */ function wp_remote_retrieve_body( $response ) { if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) { return ''; } return $response['body']; } /** * Retrieves only the cookies from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @return WP_Http_Cookie[] An array of `WP_Http_Cookie` objects from the response. * Empty array if there are none, or the response is a WP_Error. */ function wp_remote_retrieve_cookies( $response ) { if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) { return array(); } return $response['cookies']; } /** * Retrieves a single cookie by name from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return WP_Http_Cookie|string The `WP_Http_Cookie` object, or empty string * if the cookie is not present in the response. */ function wp_remote_retrieve_cookie( $response, $name ) { $cookies = wp_remote_retrieve_cookies( $response ); if ( empty( $cookies ) ) { return ''; } foreach ( $cookies as $cookie ) { if ( $cookie->name === $name ) { return $cookie; } } return ''; } /** * Retrieves a single cookie's value by name from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return string The value of the cookie, or empty string * if the cookie is not present in the response. */ function wp_remote_retrieve_cookie_value( $response, $name ) { $cookie = wp_remote_retrieve_cookie( $response, $name ); if ( ! ( $cookie instanceof WP_Http_Cookie ) ) { return ''; } return $cookie->value; } /** * Determines if there is an HTTP Transport that can process this request. * * @since 3.2.0 * * @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array. * @param string $url Optional. If given, will check if the URL requires SSL and adds * that requirement to the capabilities array. * * @return bool */ function wp_http_supports( $capabilities = array(), $url = null ) { $capabilities = wp_parse_args( $capabilities ); $count = count( $capabilities ); // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array. if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) === $count ) { $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) ); } if ( $url && ! isset( $capabilities['ssl'] ) ) { $scheme = parse_url( $url, PHP_URL_SCHEME ); if ( 'https' === $scheme || 'ssl' === $scheme ) { $capabilities['ssl'] = true; } } return WpOrg\Requests\Requests::has_capabilities( $capabilities ); } /** * Gets the HTTP Origin of the current request. * * @since 3.4.0 * * @return string URL of the origin. Empty string if no origin. */ function get_http_origin() { $origin = ''; if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) { $origin = $_SERVER['HTTP_ORIGIN']; } /** * Changes the origin of an HTTP request. * * @since 3.4.0 * * @param string $origin The HTTP origin for the request. */ return apply_filters( 'http_origin', $origin ); } /** * Retrieves list of allowed HTTP origins. * * @since 3.4.0 * * @return string[] Array of origin URLs. */ function get_allowed_http_origins() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); // @todo Preserve port? $allowed_origins = array_unique( array( 'http://' . $admin_origin['host'], 'https://' . $admin_origin['host'], 'http://' . $home_origin['host'], 'https://' . $home_origin['host'], ) ); /** * Changes the origin types allowed for HTTP requests. * * @since 3.4.0 * * @param string[] $allowed_origins Array of allowed HTTP origins. */ return apply_filters( 'allowed_http_origins', $allowed_origins ); } /** * Determines if the HTTP origin is an authorized one. * * @since 3.4.0 * * @param string|null $origin Origin URL. If not provided, the value of get_http_origin() is used. * @return string Origin URL if allowed, empty string if not. */ function is_allowed_http_origin( $origin = null ) { $origin_arg = $origin; if ( null === $origin ) { $origin = get_http_origin(); } if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) { $origin = ''; } /** * Changes the allowed HTTP origin result. * * @since 3.4.0 * * @param string $origin Origin URL if allowed, empty string if not. * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. */ return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); } /** * Sends Access-Control-Allow-Origin and related headers if the current request * is from an allowed origin. * * If the request is an OPTIONS request, the script exits with either access * control headers sent, or a 403 response if the origin is not allowed. For * other request methods, you will receive a return value. * * @since 3.4.0 * * @return string|false Returns the origin URL if headers are sent. Returns false * if headers are not sent. */ function send_origin_headers() { $origin = get_http_origin(); if ( is_allowed_http_origin( $origin ) ) { header( 'Access-Control-Allow-Origin: ' . $origin ); header( 'Access-Control-Allow-Credentials: true' ); if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { exit; } return $origin; } if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { status_header( 403 ); exit; } return false; } /** * Validates a URL as safe for use in the HTTP API. * * The only supported protocols are `http` and `https`. * * Examples of URLs that are considered unsafe: * * - `ftp://example.com/caniload.php` - Invalid protocol - only http and https are allowed. * - `http:///example.com/caniload.php` - Malformed URL. * - `http://user:pass@example.com/caniload.php` - Login information. * - `http://example.invalid/caniload.php` - Invalid hostname, as the IP cannot be looked up in DNS. * * Examples of URLs that are considered unsafe by default but can be allowed with filters: * * - `http://192.168.0.1/caniload.php` - IP address from LAN network. * This can be changed with the {@see 'http_request_host_is_external'} filter. * - `http://198.143.164.252:81/caniload.php` - By default, only ports 80, 443, and 8080 are allowed. * This can be changed with the {@see 'http_allowed_safe_ports'} filter. * * @since 3.5.2 * * @param string $url Request URL. * @return string|false Returns false if the URL is not safe, or the original URL if it is safe. */ function wp_http_validate_url( $url ) { if ( ! is_string( $url ) || '' === $url || is_numeric( $url ) ) { return false; } $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) { return false; } $parsed_home = parse_url( get_option( 'home' ) ); $same_host = isset( $parsed_home['host'] ) && strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); $host = trim( $parsed_url['host'], '.' ); if ( ! $same_host ) { if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { // Error condition for gethostbyname(). return false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { // If host appears local, reject unless specifically allowed. /** * Checks if HTTP request is external or not. * * Allows to change and allow external requests for the HTTP request. * * @since 3.6.0 * * @param bool $external Whether HTTP request is external or not. * @param string $host Host name of the requested URL. * @param string $url Requested URL. */ if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; /** * Controls the list of ports considered safe in HTTP API. * * Allows to change and allow external requests for the HTTP request. * * @since 5.9.0 * * @param int[] $allowed_ports Array of integers for valid ports. Default allowed ports * are 80, 443, and 8080. * @param string $host Host name of the requested URL. * @param string $url Requested URL. */ $allowed_ports = apply_filters( 'http_allowed_safe_ports', array( 80, 443, 8080 ), $host, $url ); if ( is_array( $allowed_ports ) && in_array( $port, $allowed_ports, true ) ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; } /** * Marks allowed redirect hosts safe for HTTP requests as well. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @param bool $is_external * @param string $host * @return bool */ function allowed_http_request_hosts( $is_external, $host ) { if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) { $is_external = true; } return $is_external; } /** * Adds any domain in a multisite installation for safe HTTP requests to the * allowed list. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param bool $is_external * @param string $host * @return bool */ function ms_allowed_http_request_hosts( $is_external, $host ) { global $wpdb; static $queried = array(); if ( $is_external ) { return $is_external; } if ( get_network()->domain === $host ) { return true; } if ( isset( $queried[ $host ] ) ) { return $queried[ $host ]; } $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); return $queried[ $host ]; } /** * A wrapper for PHP's parse_url() function that handles consistency in the return values * across PHP versions. * * Across various PHP versions, schemeless URLs containing a ":" in the query * are being handled inconsistently. This function works around those differences. * * @since 4.4.0 * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`. * * @link https://www.php.net/manual/en/function.parse-url.php * * @param string $url The URL to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function wp_parse_url( $url, $component = -1 ) { $to_unset = array(); $url = (string) $url; if ( str_starts_with( $url, '//' ) ) { $to_unset[] = 'scheme'; $url = 'placeholder:' . $url; } elseif ( str_starts_with( $url, '/' ) ) { $to_unset[] = 'scheme'; $to_unset[] = 'host'; $url = 'placeholder://placeholder' . $url; } $parts = parse_url( $url ); if ( false === $parts ) { // Parsing failure. return $parts; } // Remove the placeholder values. foreach ( $to_unset as $key ) { unset( $parts[ $key ] ); } return _get_component_from_parsed_url_array( $parts, $component ); } /** * Retrieves a specific component from a parsed URL array. * * @internal * * @since 4.7.0 * @access private * * @link https://www.php.net/manual/en/function.parse-url.php * * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) { if ( -1 === $component ) { return $url_parts; } $key = _wp_translate_php_url_constant_to_key( $component ); if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) { return $url_parts[ $key ]; } else { return null; } } /** * Translates a PHP_URL_* constant to the named array keys PHP uses. * * @internal * * @since 4.7.0 * @access private * * @link https://www.php.net/manual/en/url.constants.php * * @param int $constant PHP_URL_* constant. * @return string|false The named key or false. */ function _wp_translate_php_url_constant_to_key( $constant ) { $translation = array( PHP_URL_SCHEME => 'scheme', PHP_URL_HOST => 'host', PHP_URL_PORT => 'port', PHP_URL_USER => 'user', PHP_URL_PASS => 'pass', PHP_URL_PATH => 'path', PHP_URL_QUERY => 'query', PHP_URL_FRAGMENT => 'fragment', ); if ( isset( $translation[ $constant ] ) ) { return $translation[ $constant ]; } else { return false; } } HTTP/https-detection-20260605144804-20260606125411.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605183207-20260607071137.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605212351-20260609073320.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605121855-20260609051513.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606000940-20260608114038.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-scripts-20260605094228.php 0000666 00000104060 15226703613 0012657 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Core class used to register scripts. * * @since 2.1.0 * * @see WP_Dependencies */ class WP_Scripts extends WP_Dependencies { /** * Base URL for scripts. * * Full URL with trailing slash. * * @since 2.6.0 * @var string */ public $base_url; /** * URL of the content directory. * * @since 2.8.0 * @var string */ public $content_url; /** * Default version string for scripts. * * @since 2.6.0 * @var string */ public $default_version; /** * Holds handles of scripts which are enqueued in footer. * * @since 2.8.0 * @var array */ public $in_footer = array(); /** * Holds a list of script handles which will be concatenated. * * @since 2.8.0 * @var string */ public $concat = ''; /** * Holds a string which contains script handles and their version. * * @since 2.8.0 * @deprecated 3.4.0 * @var string */ public $concat_version = ''; /** * Whether to perform concatenation. * * @since 2.8.0 * @var bool */ public $do_concat = false; /** * Holds HTML markup of scripts and additional data if concatenation * is enabled. * * @since 2.8.0 * @var string */ public $print_html = ''; /** * Holds inline code if concatenation is enabled. * * @since 2.8.0 * @var string */ public $print_code = ''; /** * Holds a list of script handles which are not in the default directory * if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_handles = ''; /** * Holds a string which contains handles and versions of scripts which * are not in the default directory if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_version = ''; /** * List of default directories. * * @since 2.8.0 * @var array */ public $default_dirs; /** * Holds a mapping of dependents (as handles) for a given script handle. * Used to optimize recursive dependency tree checks. * * @since 6.3.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds a reference to the delayed (non-blocking) script loading strategies. * Used by methods that validate loading strategies. * * @since 6.3.0 * @var string[] */ private $delayed_strategies = array( 'defer', 'async' ); /** * Constructor. * * @since 2.6.0 */ public function __construct() { $this->init(); add_action( 'init', array( $this, 'init' ), 0 ); } /** * Initialize the class. * * @since 3.4.0 */ public function init() { /** * Fires when the WP_Scripts instance is initialized. * * @since 2.6.0 * * @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference). */ do_action_ref_array( 'wp_default_scripts', array( &$this ) ); } /** * Prints scripts. * * Prints the scripts passed to it or the print queue. Also prints all necessary dependencies. * * @since 2.1.0 * @since 2.8.0 Added the `$group` parameter. * * @param string|string[]|false $handles Optional. Scripts to be printed: queue (false), * single script (string), or multiple scripts (array of strings). * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return string[] Handles of scripts that have been printed. */ public function print_scripts( $handles = false, $group = false ) { return $this->do_items( $handles, $group ); } /** * Prints extra scripts of a registered script. * * @since 2.1.0 * @since 2.8.0 Added the `$display` parameter. * @deprecated 3.3.0 * * @see print_extra_script() * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_scripts_l10n( $handle, $display = true ) { _deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' ); return $this->print_extra_script( $handle, $display ); } /** * Prints extra scripts of a registered script. * * @since 3.3.0 * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_extra_script( $handle, $display = true ) { $output = $this->get_data( $handle, 'data' ); if ( ! $output ) { return; } /* * Do not print a sourceURL comment if concatenation is enabled. * * Extra scripts may be concatenated into a single script. * The line-based sourceURL comments may break concatenated scripts * and do not make sense when multiple scripts are joined together. */ if ( ! $this->do_concat ) { $output .= sprintf( "\n//# sourceURL=%s", rawurlencode( "{$handle}-js-extra" ) ); } if ( ! $display ) { return $output; } wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) ); return true; } /** * Checks whether all dependents of a given handle are in the footer. * * If there are no dependents, this is considered the same as if all dependents were in the footer. * * @since 6.4.0 * * @param string $handle Script handle. * @return bool Whether all dependents are in the footer. */ private function are_all_dependents_in_footer( $handle ) { foreach ( $this->get_dependents( $handle ) as $dep ) { if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) { return false; } } return true; } /** * Processes a script dependency. * * @since 2.6.0 * @since 2.8.0 Added the `$group` parameter. * * @see WP_Dependencies::do_item() * * @param string $handle The script's registered handle. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function do_item( $handle, $group = false ) { if ( ! parent::do_item( $handle ) ) { return false; } if ( 0 === $group && $this->groups[ $handle ] > 0 ) { $this->in_footer[] = $handle; return false; } if ( false === $group && in_array( $handle, $this->in_footer, true ) ) { $this->in_footer = array_diff( $this->in_footer, (array) $handle ); } $obj = $this->registered[ $handle ]; if ( $obj->extra['conditional'] ?? false ) { return false; } if ( null === $obj->ver ) { $ver = ''; } else { $ver = $obj->ver ? $obj->ver : $this->default_version; } if ( isset( $this->args[ $handle ] ) ) { $ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ]; } $src = $obj->src; $strategy = $this->get_eligible_loading_strategy( $handle ); $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); if ( ! $this->is_delayed_strategy( $intended_strategy ) ) { $intended_strategy = ''; } /* * Move this script to the footer if: * 1. The script is in the header group. * 2. The current output is the header. * 3. The intended strategy is delayed. * 4. The actual strategy is not delayed. * 5. All dependent scripts are in the footer. */ if ( 0 === $group && 0 === $this->groups[ $handle ] && $intended_strategy && ! $this->is_delayed_strategy( $strategy ) && $this->are_all_dependents_in_footer( $handle ) ) { $this->in_footer[] = $handle; return false; } $before_script = $this->get_inline_script_tag( $handle, 'before' ); $after_script = $this->get_inline_script_tag( $handle, 'after' ); if ( $before_script || $after_script ) { $inline_script_tag = $before_script . $after_script; } else { $inline_script_tag = ''; } /* * Prevent concatenation of scripts if the text domain is defined * to ensure the dependency order is respected. */ $translations_stop_concat = ! empty( $obj->textdomain ); $translations = $this->print_translations( $handle, false ); if ( $translations ) { /* * The sourceURL comment is not included by WP_Scripts::print_translations() * when `$display` is `false` to prevent issues where the script tag contents are used * by extenders for other purposes, for example concatenated with other script content. * * Include the sourceURL comment here as it would be when printed directly. */ $source_url = rawurlencode( "{$handle}-js-translations" ); $translations .= "\n//# sourceURL={$source_url}"; $translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) ); } if ( $this->do_concat ) { /** * Filters the script loader source. * * @since 2.2.0 * * @param string $src Script loader source path. * @param string $handle Script handle. */ $filtered_src = apply_filters( 'script_loader_src', $src, $handle ); if ( $this->in_default_dir( $filtered_src ) && ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) ) ) { $this->do_concat = false; // Have to print the so-far concatenated scripts right away to maintain the right order. _print_scripts(); $this->reset(); } elseif ( $this->in_default_dir( $filtered_src ) ) { $this->print_code .= $this->print_extra_script( $handle, false ); $this->concat .= "$handle,"; $this->concat_version .= "$handle$ver"; return true; } else { $this->ext_handles .= "$handle,"; $this->ext_version .= "$handle$ver"; } } $this->print_extra_script( $handle ); // A single item may alias a set of items, by having dependencies, but no source. if ( ! $src ) { if ( $inline_script_tag ) { if ( $this->do_concat ) { $this->print_html .= $inline_script_tag; } else { echo $inline_script_tag; } } return true; } if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) { $src = $this->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { return true; } $attr = array( 'src' => $src, 'id' => "{$handle}-js", ); if ( $strategy ) { $attr[ $strategy ] = true; } if ( $intended_strategy ) { $attr['data-wp-strategy'] = $intended_strategy; } // Determine fetchpriority. $original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null; if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) { $original_fetchpriority = 'auto'; } $actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle ); if ( null === $actual_fetchpriority ) { // If null, it's likely this script was not explicitly enqueued, so in this case use the original priority. $actual_fetchpriority = $original_fetchpriority; } if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) { $attr['fetchpriority'] = $actual_fetchpriority; } if ( $original_fetchpriority !== $actual_fetchpriority ) { $attr['data-wp-fetchpriority'] = $original_fetchpriority; } $tag = $translations . $before_script; $tag .= wp_get_script_tag( $attr ); $tag .= $after_script; /** * Filters the HTML script tag of an enqueued script. * * @since 4.1.0 * * @param string $tag The `<script>` tag for the enqueued script. * @param string $handle The script's registered handle. * @param string $src The script's source URL. */ $tag = apply_filters( 'script_loader_tag', $tag, $handle, $src ); if ( $this->do_concat ) { $this->print_html .= $tag; } else { echo $tag; } return true; } /** * Adds extra code to a registered script. * * @since 4.5.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return bool True on success, false on failure. */ public function add_inline_script( $handle, $data, $position = 'after' ) { if ( ! $data ) { return false; } if ( 'after' !== $position ) { $position = 'before'; } $script = (array) $this->get_data( $handle, $position ); $script[] = $data; return $this->add_data( $handle, $position, $script ); } /** * Prints inline scripts registered for a specific handle. * * @since 4.5.0 * @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead. * * @param string $handle Name of the script to print inline scripts for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @param bool $display Optional. Whether to print the script tag * instead of just returning the script data. Default true. * @return string|false Script data on success, false otherwise. */ public function print_inline_script( $handle, $position = 'after', $display = true ) { _deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' ); $output = $this->get_inline_script_data( $handle, $position ); if ( empty( $output ) ) { return false; } if ( $display ) { echo $this->get_inline_script_tag( $handle, $position ); } return $output; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_data( $handle, $position = 'after' ) { $data = $this->get_data( $handle, $position ); if ( empty( $data ) || ! is_array( $data ) ) { return ''; } /* * Print sourceURL comment regardless of concatenation. * * Inline scripts prevent scripts from being concatenated, so * sourceURL comments are safe to print for inline scripts. */ $data[] = sprintf( '//# sourceURL=%s', rawurlencode( "{$handle}-js-{$position}" ) ); return trim( implode( "\n", $data ), "\n" ); } /** * Gets tags for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get associated inline script tag for. * Must be lowercase. * @param string $position Optional. Whether to get tag for inline * scripts in the before or after position. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_tag( $handle, $position = 'after' ) { $js = $this->get_inline_script_data( $handle, $position ); if ( empty( $js ) ) { return ''; } $id = "{$handle}-js-{$position}"; return wp_get_inline_script_tag( $js, compact( 'id' ) ); } /** * Localizes a script, only if the script has already been added. * * @since 2.1.0 * * @param string $handle Name of the script to attach data to. * @param string $object_name Name of the variable that will contain the data. * @param array $l10n Array of data to localize. * @return bool True on success, false on failure. */ public function localize( $handle, $object_name, $l10n ) { if ( 'jquery' === $handle ) { $handle = 'jquery-core'; } if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present. $after = $l10n['l10n_print_after']; unset( $l10n['l10n_print_after'] ); } if ( ! is_array( $l10n ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $l10n, 2: wp_add_inline_script() */ __( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ), '<code>$l10n</code>', '<code>wp_add_inline_script()</code>' ), '5.7.0' ); if ( false === $l10n ) { // This should really not be needed, but is necessary for backward compatibility. $l10n = array( $l10n ); } } if ( is_string( $l10n ) ) { $l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' ); } elseif ( is_array( $l10n ) ) { foreach ( $l10n as $key => $value ) { if ( ! is_scalar( $value ) ) { continue; } $l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' ); } } $script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';'; if ( ! empty( $after ) ) { $script .= "\n$after;"; } $data = $this->get_data( $handle, 'data' ); if ( ! empty( $data ) ) { $script = "$data\n$script"; } return $this->add_data( $handle, 'data', $script ); } /** * Sets handle group. * * @since 2.8.0 * * @see WP_Dependencies::set_group() * * @param string $handle Name of the item. Should be unique. * @param bool $recursion Internal flag that calling function was called recursively. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool Not already in the group or a lower group. */ public function set_group( $handle, $recursion, $group = false ) { if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) { $calculated_group = 1; } else { $calculated_group = (int) $this->get_data( $handle, 'group' ); } if ( false !== $group && $calculated_group > $group ) { $calculated_group = $group; } return parent::set_group( $handle, $recursion, $calculated_group ); } /** * Sets a translation textdomain. * * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @param string $handle Name of the script to register a translation domain to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was registered, false if not. */ public function set_translations( $handle, $domain = 'default', $path = '' ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } /** @var \_WP_Dependency $obj */ $obj = $this->registered[ $handle ]; if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) { $obj->deps[] = 'wp-i18n'; } return $obj->set_translations( $domain, $path ); } /** * Prints translations set for a specific handle. * * @since 5.0.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param bool $display Optional. Whether to print the script * instead of just returning it. Default true. * @return string|false Script on success, false otherwise. */ public function print_translations( $handle, $display = true ) { if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) { return false; } $domain = $this->registered[ $handle ]->textdomain; $path = ''; if ( isset( $this->registered[ $handle ]->translations_path ) ) { $path = $this->registered[ $handle ]->translations_path; } $json_translations = load_script_textdomain( $handle, $domain, $path ); if ( ! $json_translations ) { return false; } $output = <<<JS ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "{$domain}", {$json_translations} ); JS; if ( $display ) { $source_url = rawurlencode( "{$handle}-js-translations" ); $output .= "\n//# sourceURL={$source_url}"; wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) ); } return $output; } /** * Determines script dependencies. * * @since 2.1.0 * * @see WP_Dependencies::all_deps() * * @param string|string[] $handles Item handle (string) or item handles (array of strings). * @param bool $recursion Optional. Internal flag that function is calling itself. * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function all_deps( $handles, $recursion = false, $group = false ) { $result = parent::all_deps( $handles, $recursion, $group ); if ( ! $recursion ) { /** * Filters the list of script dependencies left to print. * * @since 2.3.0 * * @param string[] $to_do An array of script dependency handles. */ $this->to_do = apply_filters( 'print_scripts_array', $this->to_do ); } return $result; } /** * Processes items and dependencies for the head group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_head_items() { $this->do_items( false, 0 ); return $this->done; } /** * Processes items and dependencies for the footer group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_footer_items() { $this->do_items( false, 1 ); return $this->done; } /** * Whether a handle's source is in a default directory. * * @since 2.8.0 * * @param string $src The source of the enqueued script. * @return bool True if found, false if not. */ public function in_default_dir( $src ) { if ( ! $this->default_dirs ) { return true; } if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) { return false; } foreach ( (array) $this->default_dirs as $test ) { if ( str_starts_with( $src, $test ) ) { return true; } } return false; } /** * This overrides the add_data method from WP_Dependencies, to support normalizing of $args. * * @since 6.3.0 * * @param string $handle Name of the item. Should be unique. * @param string $key The data key. * @param mixed $value The data value. * @return bool True on success, false on failure. */ public function add_data( $handle, $key, $value ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } if ( 'conditional' === $key ) { // If a dependency is declared by a conditional script, remove it. $this->registered[ $handle ]->deps = array(); } if ( 'strategy' === $key ) { if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ), $value, $handle ), '6.3.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), $value, $handle ), '6.3.0' ); return false; } } elseif ( 'fetchpriority' === $key ) { if ( empty( $value ) ) { $value = 'auto'; } if ( ! $this->is_valid_fetchpriority( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } } return parent::add_data( $handle, $key, $value ); } /** * Gets all dependents of a script. * * This is not recursive. * * @since 6.3.0 * * @param string $handle The script handle. * @return string[] Script handles. */ private function get_dependents( $handle ) { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $handle ] ) ) { return $this->dependents_map[ $handle ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_handle => $args ) { if ( in_array( $handle, $args->deps, true ) ) { $dependents[] = $registered_handle; } } // Add the handles dependents to the map to ease future lookups. $this->dependents_map[ $handle ] = $dependents; return $dependents; } /** * Checks if the strategy passed is a valid delayed (non-blocking) strategy. * * @since 6.3.0 * * @param string|mixed $strategy The strategy to check. * @return bool True if $strategy is one of the delayed strategies, otherwise false. */ private function is_delayed_strategy( $strategy ): bool { return in_array( $strategy, $this->delayed_strategies, true ); } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, array( 'auto', 'low', 'high' ), true ); } /** * Gets the best eligible loading strategy for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @return string The best eligible loading strategy. */ private function get_eligible_loading_strategy( $handle ) { $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); // Bail early if there is no intended strategy. if ( ! $intended_strategy ) { return ''; } /* * If the intended strategy is 'defer', limit the initial list of eligible * strategies, since 'async' can fallback to 'defer', but not vice-versa. */ $initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null; $eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy ); // Return early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return ''; } return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer'; } /** * Filter the list of eligible loading strategies for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists. * @return string[] A list of eligible loading strategies that could be used. */ private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If no strategies are being passed, all strategies are eligible. if ( null === $eligible_strategies ) { $eligible_strategies = $this->delayed_strategies; } // If this handle was already checked, return early. if ( isset( $checked[ $handle ] ) ) { return $eligible_strategies; } // Mark this handle as checked. $checked[ $handle ] = true; // If this handle isn't registered, don't filter anything and return. if ( ! isset( $this->registered[ $handle ] ) ) { return $eligible_strategies; } // If the handle is not enqueued, don't filter anything and return. if ( ! $this->query( $handle, 'enqueued' ) ) { return $eligible_strategies; } $is_alias = (bool) ! $this->registered[ $handle ]->src; $intended_strategy = $this->get_data( $handle, 'strategy' ); // For non-alias handles, an empty intended strategy filters all strategies. if ( ! $is_alias && empty( $intended_strategy ) ) { return array(); } // Handles with inline scripts attached in the 'after' position cannot be delayed. if ( $this->has_inline_script( $handle, 'after' ) ) { return array(); } // If the intended strategy is 'defer', filter out 'async'. if ( 'defer' === $intended_strategy ) { $eligible_strategies = array( 'defer' ); } $dependents = $this->get_dependents( $handle ); // Recursively filter eligible strategies for dependents. foreach ( $dependents as $dependent ) { // Bail early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return array(); } $eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results ); } $stored_results[ $handle ] = $eligible_strategies; return $eligible_strategies; } /** * Gets the highest fetch priority for a given script and all of its dependent scripts. * * @since 6.9.0 * @see self::filter_eligible_strategies() * @see WP_Script_Modules::get_highest_fetchpriority() * * @param string $handle Script module ID. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists. * @return string|null Highest fetch priority for the script and its dependents. */ private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If there is a recursive dependency, return early. if ( isset( $checked[ $handle ] ) ) { return null; } // Mark this handle as checked to guard against infinite recursion. $checked[ $handle ] = true; // Abort if the script is not enqueued or a dependency of an enqueued script. if ( ! $this->query( $handle, 'enqueued' ) ) { return null; } $fetchpriority = $this->get_data( $handle, 'fetchpriority' ); if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) { $fetchpriority = 'auto'; } static $priorities = array( 'low', 'auto', 'high', ); $high_priority_index = count( $priorities ) - 1; $highest_priority_index = (int) array_search( $fetchpriority, $priorities, true ); if ( $highest_priority_index !== $high_priority_index ) { foreach ( $this->get_dependents( $handle ) as $dependent_handle ) { $dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results ); if ( is_string( $dependent_priority ) ) { $highest_priority_index = max( $highest_priority_index, (int) array_search( $dependent_priority, $priorities, true ) ); if ( $highest_priority_index === $high_priority_index ) { break; } } } } $stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.) return $priorities[ $highest_priority_index ]; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. Must be lowercase. * @param string $position The position of the inline script. * @return bool Whether the handle has an inline script (either before or after). */ private function has_inline_script( $handle, $position = null ) { if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) { return (bool) $this->get_data( $handle, $position ); } return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) ); } /** * Resets class properties. * * @since 2.8.0 */ public function reset() { $this->do_concat = false; $this->print_code = ''; $this->concat = ''; $this->concat_version = ''; $this->print_html = ''; $this->ext_version = ''; $this->ext_handles = ''; } /** * Gets a script-specific dependency warning message. * * @since 6.9.1 * * @param string $handle Script handle with missing dependencies. * @param string[] $missing_dependency_handles Missing dependency handles. * @return string Formatted, localized warning message. */ protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) { return sprintf( /* translators: 1: Script handle, 2: List of missing dependency handles. */ __( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $handle, implode( wp_get_list_item_separator(), $missing_dependency_handles ) ); } } HTTP/plugin-20260605051417.php 0000666 00000107225 15226703613 0010736 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/ClientException-20260605063430.php 0000666 00000000515 15226703613 0012525 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-migration-20260606010046.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605172257-20260609122108.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606183054-20260610034319.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606100547-20260608221834.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-http-20260605074823.php 0000666 00000121142 15226703613 0012146 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/plugin-20260605041951.php 0000666 00000107225 15226703613 0010740 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/https-detection-20260605090837-20260609051257.php 0000666 00000013341 15226703613 0014154 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605070331.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605164101-20260610141913.php 0000666 00000011205 15226703613 0014135 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605043510.php 0000666 00000011205 15226703613 0012554 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606165331-20260606215501.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605090837-20260609135656.php 0000666 00000013341 15226703613 0014162 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605183207-20260608105827.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605195344.php 0000666 00000011205 15226703613 0012571 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606002414.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605125016.php 0000666 00000011205 15226703613 0012556 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-proxy.php 0000666 00000013534 15226703613 0011740 0 ustar 00 <?php /** * HTTP API: WP_HTTP_Proxy class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement HTTP API proxy support. * * There are caveats to proxy support. It requires that defines be made in the wp-config.php file to * enable proxy support. There are also a few filters that plugins can hook into for some of the * constants. * * Please note that only BASIC authentication is supported by most transports. * cURL MAY support more methods (such as NTLM authentication) depending on your environment. * * The constants are as follows: * <ol> * <li>WP_PROXY_HOST - Enable proxy support and host for connecting.</li> * <li>WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li> * <li>WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li> * <li>WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li> * <li>WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy. * You do not need to have localhost and the site host in this list, because they will not be passed * through the proxy. The list should be presented in a comma separated list, wildcards using * are supported. Example: *.wordpress.org</li> * </ol> * * An example can be as seen below. * * define('WP_PROXY_HOST', '192.168.84.101'); * define('WP_PROXY_PORT', '8080'); * define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com, *.wordpress.org'); * * @link https://core.trac.wordpress.org/ticket/4011 Proxy support ticket in WordPress. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_PROXY_BYPASS_HOSTS * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_HTTP_Proxy { /** * Whether proxy connection should be used. * * Constants which control this behavior: * * - `WP_PROXY_HOST` * - `WP_PROXY_PORT` * * @since 2.8.0 * * @return bool */ public function is_enabled() { return defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ); } /** * Whether authentication should be used. * * Constants which control this behavior: * * - `WP_PROXY_USERNAME` * - `WP_PROXY_PASSWORD` * * @since 2.8.0 * * @return bool */ public function use_authentication() { return defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ); } /** * Retrieve the host for the proxy server. * * @since 2.8.0 * * @return string */ public function host() { if ( defined( 'WP_PROXY_HOST' ) ) { return WP_PROXY_HOST; } return ''; } /** * Retrieve the port for the proxy server. * * @since 2.8.0 * * @return string */ public function port() { if ( defined( 'WP_PROXY_PORT' ) ) { return WP_PROXY_PORT; } return ''; } /** * Retrieve the username for proxy authentication. * * @since 2.8.0 * * @return string */ public function username() { if ( defined( 'WP_PROXY_USERNAME' ) ) { return WP_PROXY_USERNAME; } return ''; } /** * Retrieve the password for proxy authentication. * * @since 2.8.0 * * @return string */ public function password() { if ( defined( 'WP_PROXY_PASSWORD' ) ) { return WP_PROXY_PASSWORD; } return ''; } /** * Retrieve authentication string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication() { return $this->username() . ':' . $this->password(); } /** * Retrieve header string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication_header() { return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() ); } /** * Determines whether the request should be sent through a proxy. * * We want to keep localhost and the site URL from being sent through the proxy, because * some proxies can not handle this. We also have the constant available for defining other * hosts that won't be sent through the proxy. * * @since 2.8.0 * * @param string $uri URL of the request. * @return bool Whether to send the request through the proxy. */ public function send_through_proxy( $uri ) { $check = parse_url( $uri ); // Malformed URL, can not process, but this could mean ssl, so let through anyway. if ( false === $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); /** * Filters whether to preempt sending the request through the proxy. * * Returning false will bypass the proxy; returning true will send * the request through the proxy. Returning null bypasses the filter. * * @since 3.5.0 * * @param bool|null $override Whether to send the request through the proxy. Default null. * @param string $uri URL of the request. * @param array $check Associative array result of parsing the request URL with `parse_url()`. * @param array $home Associative array result of parsing the site URL with `parse_url()`. */ $result = apply_filters( 'pre_http_send_through_proxy', null, $uri, $check, $home ); if ( ! is_null( $result ) ) { return $result; } if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { return false; } if ( ! defined( 'WP_PROXY_BYPASS_HOSTS' ) ) { return true; } static $bypass_hosts = null; static $wildcard_regex = array(); if ( null === $bypass_hosts ) { $bypass_hosts = preg_split( '|,\s*|', WP_PROXY_BYPASS_HOSTS ); if ( str_contains( WP_PROXY_BYPASS_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $bypass_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $bypass_hosts, true ); } } } HTTP/https-detection-20260606132041-20260607135303.php 0000666 00000013341 15226703613 0014126 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606060413-20260609122144.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605173712.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606095414.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-http-20260605075022.php 0000666 00000121142 15226703613 0012136 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-migration-20260606015806.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605100915.php 0000666 00000011205 15226703613 0012557 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605190434.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606083005-20260610205720.php 0000666 00000013341 15226703613 0014126 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605171945.php 0000666 00000011205 15226703613 0012572 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-customize-widgets.php 0000666 00000215637 15226703613 0013300 0 ustar 00 <?php /** * WordPress Customize Widgets classes * * @package WordPress * @subpackage Customize * @since 3.9.0 */ /** * Customize Widgets class. * * Implements widget management in the Customizer. * * @since 3.9.0 * * @see WP_Customize_Manager */ #[AllowDynamicProperties] final class WP_Customize_Widgets { /** * WP_Customize_Manager instance. * * @since 3.9.0 * @var WP_Customize_Manager */ public $manager; /** * All id_bases for widgets defined in core. * * @since 3.9.0 * @var array */ protected $core_widget_id_bases = array( 'archives', 'calendar', 'categories', 'custom_html', 'links', 'media_audio', 'media_image', 'media_video', 'meta', 'nav_menu', 'pages', 'recent-comments', 'recent-posts', 'rss', 'search', 'tag_cloud', 'text', ); /** * @since 3.9.0 * @var array */ protected $rendered_sidebars = array(); /** * @since 3.9.0 * @var array */ protected $rendered_widgets = array(); /** * @since 3.9.0 * @var array */ protected $old_sidebars_widgets = array(); /** * Mapping of widget ID base to whether it supports selective refresh. * * @since 4.5.0 * @var array */ protected $selective_refreshable_widgets; /** * Mapping of setting type to setting ID pattern. * * @since 4.2.0 * @var array */ protected $setting_id_patterns = array( 'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/', 'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/', ); /** * Initial loader. * * @since 3.9.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. */ public function __construct( $manager ) { $this->manager = $manager; // See https://github.com/xwp/wp-customize-snapshots/blob/962586659688a5b1fd9ae93618b7ce2d4e7a421c/php/class-customize-snapshot-manager.php#L420-L449 add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 ); add_action( 'widgets_init', array( $this, 'register_settings' ), 95 ); add_action( 'customize_register', array( $this, 'schedule_customize_register' ), 1 ); // Skip remaining hooks when the user can't manage widgets anyway. if ( ! current_user_can( 'edit_theme_options' ) ) { return; } add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) ); add_action( 'customize_controls_init', array( $this, 'customize_controls_init' ) ); add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); add_action( 'customize_controls_print_styles', array( $this, 'print_styles' ) ); add_action( 'customize_controls_print_scripts', array( $this, 'print_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) ); add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) ); add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); add_filter( 'should_load_block_editor_scripts_and_styles', array( $this, 'should_load_block_editor_scripts_and_styles' ) ); add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) ); add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 ); add_filter( 'dynamic_sidebar_has_widgets', array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 ); // Selective Refresh. add_filter( 'customize_dynamic_partial_args', array( $this, 'customize_dynamic_partial_args' ), 10, 2 ); add_action( 'customize_preview_init', array( $this, 'selective_refresh_init' ) ); } /** * List whether each registered widget can be use selective refresh. * * If the theme does not support the customize-selective-refresh-widgets feature, * then this will always return an empty array. * * @since 4.5.0 * * @global WP_Widget_Factory $wp_widget_factory * * @return array Mapping of id_base to support. If theme doesn't support * selective refresh, an empty array is returned. */ public function get_selective_refreshable_widgets() { global $wp_widget_factory; if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return array(); } if ( ! isset( $this->selective_refreshable_widgets ) ) { $this->selective_refreshable_widgets = array(); foreach ( $wp_widget_factory->widgets as $wp_widget ) { $this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] ); } } return $this->selective_refreshable_widgets; } /** * Determines if a widget supports selective refresh. * * @since 4.5.0 * * @param string $id_base Widget ID Base. * @return bool Whether the widget can be selective refreshed. */ public function is_widget_selective_refreshable( $id_base ) { $selective_refreshable_widgets = $this->get_selective_refreshable_widgets(); return ! empty( $selective_refreshable_widgets[ $id_base ] ); } /** * Retrieves the widget setting type given a setting ID. * * @since 4.2.0 * * @param string $setting_id Setting ID. * @return string|void Setting type. */ protected function get_setting_type( $setting_id ) { static $cache = array(); if ( isset( $cache[ $setting_id ] ) ) { return $cache[ $setting_id ]; } foreach ( $this->setting_id_patterns as $type => $pattern ) { if ( preg_match( $pattern, $setting_id ) ) { $cache[ $setting_id ] = $type; return $type; } } } /** * Inspects the incoming customized data for any widget settings, and dynamically adds * them up-front so widgets will be initialized properly. * * @since 4.2.0 */ public function register_settings() { $widget_setting_ids = array(); $incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() ); foreach ( $incoming_setting_ids as $setting_id ) { if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) { $widget_setting_ids[] = $setting_id; } } if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) { $widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) ); } $settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) ); if ( $this->manager->settings_previewed() ) { foreach ( $settings as $setting ) { $setting->preview(); } } } /** * Determines the arguments for a dynamically-created setting. * * @since 4.2.0 * * @param false|array $args The arguments to the WP_Customize_Setting constructor. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. * @return array|false Setting arguments, false otherwise. */ public function filter_customize_dynamic_setting_args( $args, $setting_id ) { if ( $this->get_setting_type( $setting_id ) ) { $args = $this->get_setting_args( $setting_id ); } return $args; } /** * Retrieves an unslashed post value or return a default. * * @since 3.9.0 * * @param string $name Post value. * @param mixed $default_value Default post value. * @return mixed Unslashed post value or default value. */ protected function get_post_value( $name, $default_value = null ) { if ( ! isset( $_POST[ $name ] ) ) { return $default_value; } return wp_unslash( $_POST[ $name ] ); } /** * Override sidebars_widgets for theme switch. * * When switching a theme via the Customizer, supply any previously-configured * sidebars_widgets from the target theme as the initial sidebars_widgets * setting. Also store the old theme's existing settings so that they can * be passed along for storing in the sidebars_widgets theme_mod when the * theme gets switched. * * @since 3.9.0 * * @global array $sidebars_widgets * @global array $_wp_sidebars_widgets */ public function override_sidebars_widgets_for_theme_switch() { global $sidebars_widgets; if ( $this->manager->doing_ajax() || $this->manager->is_theme_active() ) { return; } $this->old_sidebars_widgets = wp_get_sidebars_widgets(); add_filter( 'customize_value_old_sidebars_widgets_data', array( $this, 'filter_customize_value_old_sidebars_widgets_data' ) ); $this->manager->set_post_value( 'old_sidebars_widgets_data', $this->old_sidebars_widgets ); // Override any value cached in changeset. // retrieve_widgets() looks at the global $sidebars_widgets. $sidebars_widgets = $this->old_sidebars_widgets; $sidebars_widgets = retrieve_widgets( 'customize' ); add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 ); // Reset global cache var used by wp_get_sidebars_widgets(). unset( $GLOBALS['_wp_sidebars_widgets'] ); } /** * Filters old_sidebars_widgets_data Customizer setting. * * When switching themes, filter the Customizer setting old_sidebars_widgets_data * to supply initial $sidebars_widgets before they were overridden by retrieve_widgets(). * The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets * theme_mod. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * * @param array $old_sidebars_widgets * @return array */ public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) { return $this->old_sidebars_widgets; } /** * Filters sidebars_widgets option for theme switch. * * When switching themes, the retrieve_widgets() function is run when the Customizer initializes, * and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets * option. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * @global array $sidebars_widgets * * @param array $sidebars_widgets * @return array */ public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) { $sidebars_widgets = $GLOBALS['sidebars_widgets']; $sidebars_widgets['array_version'] = 3; return $sidebars_widgets; } /** * Ensures all widgets get loaded into the Customizer. * * Note: these actions are also fired in wp_ajax_update_widget(). * * @since 3.9.0 */ public function customize_controls_init() { /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); } /** * Ensures widgets are available for all types of previews. * * When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded * so that all filters have been initialized (e.g. Widget Visibility). * * @since 3.9.0 */ public function schedule_customize_register() { if ( is_admin() ) { $this->customize_register(); } else { add_action( 'wp', array( $this, 'customize_register' ) ); } } /** * Registers Customizer settings and controls for all sidebars and widgets. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * @global array $wp_registered_sidebars */ public function customize_register() { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars; $use_widgets_block_editor = wp_use_widgets_block_editor(); add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 ); $sidebars_widgets = array_merge( array( 'wp_inactive_widgets' => array() ), array_fill_keys( array_keys( $wp_registered_sidebars ), array() ), wp_get_sidebars_widgets() ); $new_setting_ids = array(); /* * Register a setting for all widgets, including those which are active, * inactive, and orphaned since a widget may get suppressed from a sidebar * via a plugin (like Widget Visibility). */ foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) { $setting_id = $this->get_setting_id( $widget_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; } /* * Add a setting which will be supplied for the theme's sidebars_widgets * theme_mod when the theme is switched. */ if ( ! $this->manager->is_theme_active() ) { $setting_id = 'old_sidebars_widgets_data'; $setting_args = $this->get_setting_args( $setting_id, array( 'type' => 'global_variable', 'dirty' => true, ) ); $this->manager->add_setting( $setting_id, $setting_args ); } $this->manager->add_panel( 'widgets', array( 'type' => 'widgets', 'title' => __( 'Widgets' ), 'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ), 'priority' => 110, 'active_callback' => array( $this, 'is_panel_active' ), 'auto_expand_sole_section' => true, 'theme_supports' => 'widgets', ) ); foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) { if ( empty( $sidebar_widget_ids ) ) { $sidebar_widget_ids = array(); } $is_registered_sidebar = is_registered_sidebar( $sidebar_id ); $is_inactive_widgets = ( 'wp_inactive_widgets' === $sidebar_id ); $is_active_sidebar = ( $is_registered_sidebar && ! $is_inactive_widgets ); // Add setting for managing the sidebar's widgets. if ( $is_registered_sidebar || $is_inactive_widgets ) { $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { if ( ! $this->manager->is_theme_active() ) { $setting_args['dirty'] = true; } $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; // Add section to contain controls. $section_id = sprintf( 'sidebar-widgets-%s', $sidebar_id ); if ( $is_active_sidebar ) { $section_args = array( 'title' => $wp_registered_sidebars[ $sidebar_id ]['name'], 'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ), true ), 'panel' => 'widgets', 'sidebar_id' => $sidebar_id, ); if ( $use_widgets_block_editor ) { $section_args['description'] = ''; } else { $section_args['description'] = $wp_registered_sidebars[ $sidebar_id ]['description']; } /** * Filters Customizer widget section arguments for a given sidebar. * * @since 3.9.0 * * @param array $section_args Array of Customizer widget section arguments. * @param string $section_id Customizer section ID. * @param int|string $sidebar_id Sidebar ID. */ $section_args = apply_filters( 'customizer_widgets_section_args', $section_args, $section_id, $sidebar_id ); $section = new WP_Customize_Sidebar_Section( $this->manager, $section_id, $section_args ); $this->manager->add_section( $section ); if ( $use_widgets_block_editor ) { $control = new WP_Sidebar_Block_Editor_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'label' => $section_args['title'], 'description' => $section_args['description'], ) ); } else { $control = new WP_Widget_Area_Customize_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'priority' => count( $sidebar_widget_ids ), // place 'Add Widget' and 'Reorder' buttons at end. ) ); } $this->manager->add_control( $control ); $new_setting_ids[] = $setting_id; } } if ( ! $use_widgets_block_editor ) { // Add a control for each active widget (located in a sidebar). foreach ( $sidebar_widget_ids as $i => $widget_id ) { // Skip widgets that may have gone away due to a plugin being deactivated. if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[ $widget_id ] ) ) { continue; } $registered_widget = $wp_registered_widgets[ $widget_id ]; $setting_id = $this->get_setting_id( $widget_id ); $id_base = $wp_registered_widget_controls[ $widget_id ]['id_base']; $control = new WP_Widget_Form_Customize_Control( $this->manager, $setting_id, array( 'label' => $registered_widget['name'], 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'widget_id' => $widget_id, 'widget_id_base' => $id_base, 'priority' => $i, 'width' => $wp_registered_widget_controls[ $widget_id ]['width'], 'height' => $wp_registered_widget_controls[ $widget_id ]['height'], 'is_wide' => $this->is_wide_widget( $widget_id ), ) ); $this->manager->add_control( $control ); } } } if ( $this->manager->settings_previewed() ) { foreach ( $new_setting_ids as $new_setting_id ) { $this->manager->get_setting( $new_setting_id )->preview(); } } } /** * Determines whether the widgets panel is active, based on whether there are sidebars registered. * * @since 4.4.0 * * @see WP_Customize_Panel::$active_callback * * @global array $wp_registered_sidebars * * @return bool Active. */ public function is_panel_active() { global $wp_registered_sidebars; return ! empty( $wp_registered_sidebars ); } /** * Converts a widget_id into its corresponding Customizer setting ID (option name). * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return string Maybe-parsed widget ID. */ public function get_setting_id( $widget_id ) { $parsed_widget_id = $this->parse_widget_id( $widget_id ); $setting_id = sprintf( 'widget_%s', $parsed_widget_id['id_base'] ); if ( ! is_null( $parsed_widget_id['number'] ) ) { $setting_id .= sprintf( '[%d]', $parsed_widget_id['number'] ); } return $setting_id; } /** * Determines whether the widget is considered "wide". * * Core widgets which may have controls wider than 250, but can still be shown * in the narrow Customizer panel. The RSS and Text widgets in Core, for example, * have widths of 400 and yet they still render fine in the Customizer panel. * * This method will return all Core widgets as being not wide, but this can be * overridden with the {@see 'is_wide_widget_in_customizer'} filter. * * @since 3.9.0 * * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return bool Whether or not the widget is a "wide" widget. */ public function is_wide_widget( $widget_id ) { global $wp_registered_widget_controls; $parsed_widget_id = $this->parse_widget_id( $widget_id ); $width = $wp_registered_widget_controls[ $widget_id ]['width']; $is_core = in_array( $parsed_widget_id['id_base'], $this->core_widget_id_bases, true ); $is_wide = ( $width > 250 && ! $is_core ); /** * Filters whether the given widget is considered "wide". * * @since 3.9.0 * * @param bool $is_wide Whether the widget is wide, Default false. * @param string $widget_id Widget ID. */ return apply_filters( 'is_wide_widget_in_customizer', $is_wide, $widget_id ); } /** * Converts a widget ID into its id_base and number components. * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return array Array containing a widget's id_base and number components. */ public function parse_widget_id( $widget_id ) { $parsed = array( 'number' => null, 'id_base' => null, ); if ( preg_match( '/^(.+)-(\d+)$/', $widget_id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $widget_id; } return $parsed; } /** * Converts a widget setting ID (option path) to its id_base and number components. * * @since 3.9.0 * * @param string $setting_id Widget setting ID. * @return array|WP_Error Array containing a widget's id_base and number components, * or a WP_Error object. */ public function parse_widget_setting_id( $setting_id ) { if ( ! preg_match( '/^(widget_(.+?))(?:\[(\d+)\])?$/', $setting_id, $matches ) ) { return new WP_Error( 'widget_setting_invalid_id' ); } $id_base = $matches[2]; $number = isset( $matches[3] ) ? (int) $matches[3] : null; return compact( 'id_base', 'number' ); } /** * Calls admin_print_styles-widgets.php and admin_print_styles hooks to * allow custom styles from plugins. * * @since 3.9.0 */ public function print_styles() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles' ); } /** * Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_scripts() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts' ); } /** * Enqueues scripts and styles for Customizer panel and export data to JavaScript. * * @since 3.9.0 * * @global WP_Scripts $wp_scripts * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function enqueue_scripts() { global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets; wp_enqueue_style( 'customize-widgets' ); wp_enqueue_script( 'customize-widgets' ); /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_enqueue_scripts', 'widgets.php' ); /* * Export available widgets with control_tpl removed from model * since plugins need templates to be in the DOM. */ $available_widgets = array(); foreach ( $this->get_available_widgets() as $available_widget ) { unset( $available_widget['control_tpl'] ); $available_widgets[] = $available_widget; } $widget_reorder_nav_tpl = sprintf( '<div class="widget-reorder-nav"><span class="move-widget" tabindex="0">%1$s</span><span class="move-widget-down" tabindex="0">%2$s</span><span class="move-widget-up" tabindex="0">%3$s</span></div>', __( 'Move to another area…' ), __( 'Move down' ), __( 'Move up' ) ); $move_widget_area_tpl = str_replace( array( '{description}', '{btn}' ), array( __( 'Select an area to move this widget into:' ), _x( 'Move', 'Move widget' ), ), '<div class="move-widget-area"> <p class="description">{description}</p> <ul class="widget-area-select"> <% _.each( sidebars, function ( sidebar ){ %> <li class="" data-id="<%- sidebar.id %>" tabindex="0"> <div><strong><%- sidebar.name %></strong></div> <div><%- sidebar.description %></div> </li> <% }); %> </ul> <div class="move-widget-actions"> <button class="move-widget-btn button" type="button">{btn}</button> </div> </div>' ); /* * Gather all strings in PHP that may be needed by JS on the client. * Once JS i18n is implemented (in #20491), this can be removed. */ $some_non_rendered_areas_messages = array(); $some_non_rendered_areas_messages[1] = html_entity_decode( __( 'Your theme has 1 other widget area, but this particular page does not display it.' ), ENT_QUOTES, get_bloginfo( 'charset' ) ); $registered_sidebar_count = count( $wp_registered_sidebars ); for ( $non_rendered_count = 2; $non_rendered_count < $registered_sidebar_count; $non_rendered_count++ ) { $some_non_rendered_areas_messages[ $non_rendered_count ] = html_entity_decode( sprintf( /* translators: %s: The number of other widget areas registered but not rendered. */ _n( 'Your theme has %s other widget area, but this particular page does not display it.', 'Your theme has %s other widget areas, but this particular page does not display them.', $non_rendered_count ), number_format_i18n( $non_rendered_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( 1 === $registered_sidebar_count ) { $no_areas_shown_message = html_entity_decode( sprintf( __( 'Your theme has 1 widget area, but this particular page does not display it.' ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } else { $no_areas_shown_message = html_entity_decode( sprintf( /* translators: %s: The total number of widget areas registered. */ _n( 'Your theme has %s widget area, but this particular page does not display it.', 'Your theme has %s widget areas, but this particular page does not display them.', $registered_sidebar_count ), number_format_i18n( $registered_sidebar_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } $settings = array( 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'availableWidgets' => $available_widgets, // @todo Merge this with registered_widgets. 'l10n' => array( 'saveBtnLabel' => __( 'Apply' ), 'saveBtnTooltip' => __( 'Save and preview changes before publishing them.' ), 'removeBtnLabel' => __( 'Remove' ), 'removeBtnTooltip' => __( 'Keep widget settings and move it to the inactive widgets' ), 'error' => __( 'An error has occurred. Please reload the page and try again.' ), 'widgetMovedUp' => __( 'Widget moved up' ), 'widgetMovedDown' => __( 'Widget moved down' ), 'navigatePreview' => __( 'You can navigate to other pages on your site while using the Customizer to view and edit the widgets displayed on those pages.' ), 'someAreasShown' => $some_non_rendered_areas_messages, 'noAreasShown' => $no_areas_shown_message, 'reorderModeOn' => __( 'Reorder mode enabled' ), 'reorderModeOff' => __( 'Reorder mode closed' ), 'reorderLabelOn' => esc_attr__( 'Reorder widgets' ), /* translators: %d: The number of widgets found. */ 'widgetsFound' => __( 'Number of widgets found: %d' ), 'noWidgetsFound' => __( 'No widgets found.' ), ), 'tpl' => array( 'widgetReorderNav' => $widget_reorder_nav_tpl, 'moveWidgetArea' => $move_widget_area_tpl, ), 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } $wp_scripts->add_data( 'customize-widgets', 'data', sprintf( 'var _wpCustomizeWidgetsSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); /* * TODO: Update 'wp-customize-widgets' to not rely so much on things in * 'customize-widgets'. This will let us skip most of the above and not * enqueue 'customize-widgets' which saves bytes. */ if ( wp_use_widgets_block_editor() ) { $block_editor_context = new WP_Block_Editor_Context( array( 'name' => 'core/customize-widgets', ) ); $editor_settings = get_block_editor_settings( get_legacy_widget_block_editor_settings(), $block_editor_context ); wp_add_inline_script( 'wp-customize-widgets', sprintf( 'wp.domReady( function() { wp.customizeWidgets.initialize( "widgets-customizer", %s ); } );', wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); // Preload server-registered block schemas. wp_add_inline_script( 'wp-blocks', 'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');' ); // Preload server-registered block bindings sources. $registered_sources = get_all_registered_block_bindings_sources(); if ( ! empty( $registered_sources ) ) { $filtered_sources = array(); foreach ( $registered_sources as $source ) { $filtered_sources[] = array( 'name' => $source->name, 'label' => $source->label, 'usesContext' => $source->uses_context, ); } $script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); wp_add_inline_script( 'wp-blocks', $script ); } wp_add_inline_script( 'wp-blocks', sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( get_block_categories( $block_editor_context ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); wp_enqueue_script( 'wp-customize-widgets' ); wp_enqueue_style( 'wp-customize-widgets' ); /** This action is documented in edit-form-blocks.php */ do_action( 'enqueue_block_editor_assets' ); } } /** * Renders the widget form control templates into the DOM. * * @since 3.9.0 */ public function output_widget_control_templates() { ?> <div id="widgets-left"><!-- compatibility with JS which looks for widget templates here --> <div id="available-widgets"> <div class="customize-section-title"> <button class="customize-section-back" tabindex="-1"> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Back' ); ?> </span> </button> <h3> <span class="customize-action"> <?php $panel = $this->manager->get_panel( 'widgets' ); $panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' ); /* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */ printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) ); ?> </span> <?php _e( 'Add a Widget' ); ?> </h3> </div> <div id="available-widgets-filter"> <label for="widgets-search"> <?php /* translators: Hidden accessibility text. */ _e( 'Search Widgets' ); ?> </label> <input type="text" id="widgets-search" aria-describedby="widgets-search-desc" /> <div class="search-icon" aria-hidden="true"></div> <button type="button" class="clear-results"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Clear Results' ); ?> </span></button> <p class="screen-reader-text" id="widgets-search-desc"> <?php /* translators: Hidden accessibility text. */ _e( 'The search results will be updated as you type.' ); ?> </p> </div> <div id="available-widgets-list"> <?php foreach ( $this->get_available_widgets() as $available_widget ) : ?> <div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ); ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ); ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ); ?>" tabindex="0"> <?php echo $available_widget['control_tpl']; ?> </div> <?php endforeach; ?> <p class="no-widgets-found-message"><?php _e( 'No widgets found.' ); ?></p> </div><!-- #available-widgets-list --> </div><!-- #available-widgets --> </div><!-- #widgets-left --> <?php } /** * Calls admin_print_footer_scripts and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_footer_scripts() { /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts' ); /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_footer-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Retrieves common arguments to supply when constructing a Customizer setting. * * @since 3.9.0 * * @param string $id Widget setting ID. * @param array $overrides Array of setting overrides. * @return array Possibly modified setting arguments. */ public function get_setting_args( $id, $overrides = array() ) { $args = array( 'type' => 'option', 'capability' => 'edit_theme_options', 'default' => array(), ); if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) { $args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' ); $args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' ); $args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh'; } elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) { $id_base = $matches['id_base']; $args['sanitize_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_instance( $value, $id_base ); }; $args['sanitize_js_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_js_instance( $value, $id_base ); }; $args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh'; } $args = array_merge( $args, $overrides ); /** * Filters the common arguments supplied when constructing a Customizer setting. * * @since 3.9.0 * * @see WP_Customize_Setting * * @param array $args Array of Customizer setting arguments. * @param string $id Widget setting ID. */ return apply_filters( 'widget_customizer_setting_args', $args, $id ); } /** * Ensures sidebar widget arrays only ever contain widget IDS. * * Used as the 'sanitize_callback' for each $sidebars_widgets setting. * * @since 3.9.0 * * @param string[] $widget_ids Array of widget IDs. * @return string[] Array of sanitized widget IDs. */ public function sanitize_sidebar_widgets( $widget_ids ) { $widget_ids = array_map( 'strval', (array) $widget_ids ); $sanitized_widget_ids = array(); foreach ( $widget_ids as $widget_id ) { $sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id ); } return $sanitized_widget_ids; } /** * Builds up an index of all available widgets for use in Backbone models. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * * @see wp_list_widgets() * * @return array List of available widgets. */ public function get_available_widgets() { static $available_widgets = array(); if ( ! empty( $available_widgets ) ) { return $available_widgets; } global $wp_registered_widgets, $wp_registered_widget_controls; require_once ABSPATH . 'wp-admin/includes/widgets.php'; // For next_widget_id_number(). $sort = $wp_registered_widgets; usort( $sort, array( $this, '_sort_name_callback' ) ); $done = array(); foreach ( $sort as $widget ) { if ( in_array( $widget['callback'], $done, true ) ) { // We already showed this multi-widget. continue; } $sidebar = is_active_widget( $widget['callback'], $widget['id'], false, false ); $done[] = $widget['callback']; if ( ! isset( $widget['params'][0] ) ) { $widget['params'][0] = array(); } $available_widget = $widget; unset( $available_widget['callback'] ); // Not serializable to JSON. $args = array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template', ); $is_disabled = false; $is_multi_widget = ( isset( $wp_registered_widget_controls[ $widget['id'] ]['id_base'] ) && isset( $widget['params'][0]['number'] ) ); if ( $is_multi_widget ) { $id_base = $wp_registered_widget_controls[ $widget['id'] ]['id_base']; $args['_temp_id'] = "$id_base-__i__"; $args['_multi_num'] = next_widget_id_number( $id_base ); $args['_add'] = 'multi'; } else { $args['_add'] = 'single'; if ( $sidebar && 'wp_inactive_widgets' !== $sidebar ) { $is_disabled = true; } $id_base = $widget['id']; } $list_widget_controls_args = wp_list_widget_controls_dynamic_sidebar( array( 0 => $args, 1 => $widget['params'][0], ) ); $control_tpl = $this->get_widget_control( $list_widget_controls_args ); // The properties here are mapped to the Backbone Widget model. $available_widget = array_merge( $available_widget, array( 'temp_id' => isset( $args['_temp_id'] ) ? $args['_temp_id'] : null, 'is_multi' => $is_multi_widget, 'control_tpl' => $control_tpl, 'multi_number' => ( 'multi' === $args['_add'] ) ? $args['_multi_num'] : false, 'is_disabled' => $is_disabled, 'id_base' => $id_base, 'transport' => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh', 'width' => $wp_registered_widget_controls[ $widget['id'] ]['width'], 'height' => $wp_registered_widget_controls[ $widget['id'] ]['height'], 'is_wide' => $this->is_wide_widget( $widget['id'] ), ) ); $available_widgets[] = $available_widget; } return $available_widgets; } /** * Naturally orders available widgets by name. * * @since 3.9.0 * * @param array $widget_a The first widget to compare. * @param array $widget_b The second widget to compare. * @return int Reorder position for the current widget comparison. */ protected function _sort_name_callback( $widget_a, $widget_b ) { return strnatcasecmp( $widget_a['name'], $widget_b['name'] ); } /** * Retrieves the widget control markup. * * @since 3.9.0 * * @param array $args Widget control arguments. * @return string Widget control form HTML markup. */ public function get_widget_control( $args ) { $args[0]['before_form'] = '<div class="form">'; $args[0]['after_form'] = '</div><!-- .form -->'; $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; ob_start(); wp_widget_control( ...$args ); $control_tpl = ob_get_clean(); return $control_tpl; } /** * Retrieves the widget control markup parts. * * @since 4.4.0 * * @param array $args Widget control arguments. * @return array { * @type string $control Markup for widget control wrapping form. * @type string $content The contents of the widget form itself. * } */ public function get_widget_control_parts( $args ) { $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; $control_markup = $this->get_widget_control( $args ); $content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] ); $content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] ); $control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) ); $control .= substr( $control_markup, $content_end_pos ); $content = trim( substr( $control_markup, $content_start_pos + strlen( $args[0]['before_widget_content'] ), $content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] ) ) ); return compact( 'control', 'content' ); } /** * Adds hooks for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_init() { add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) ); add_action( 'wp_print_styles', array( $this, 'print_preview_css' ), 1 ); add_action( 'wp_footer', array( $this, 'export_preview_data' ), 20 ); } /** * Refreshes the nonce for widget updates. * * @since 4.2.0 * * @param array $nonces Array of nonces. * @return array Array of nonces. */ public function refresh_nonces( $nonces ) { $nonces['update-widget'] = wp_create_nonce( 'update-widget' ); return $nonces; } /** * Tells the script loader to load the scripts and styles of custom blocks * if the widgets block editor is enabled. * * @since 5.8.0 * * @param bool $is_block_editor_screen Current decision about loading block assets. * @return bool Filtered decision about loading block assets. */ public function should_load_block_editor_scripts_and_styles( $is_block_editor_screen ) { if ( wp_use_widgets_block_editor() ) { return true; } return $is_block_editor_screen; } /** * When previewing, ensures the proper previewing widgets are used. * * Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via * wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets` * to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview * filter is added, it has to be reset after the filter has been added. * * @since 3.9.0 * * @param array $sidebars_widgets List of widgets for the current sidebar. * @return array */ public function preview_sidebars_widgets( $sidebars_widgets ) { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); unset( $sidebars_widgets['array_version'] ); return $sidebars_widgets; } /** * Enqueues scripts for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_enqueue() { wp_enqueue_script( 'customize-preview-widgets' ); } /** * Inserts default style for highlighted widget at early point so theme * stylesheet can override. * * @since 3.9.0 */ public function print_preview_css() { ?> <style> .widget-customizer-highlighted-widget { outline: none; -webkit-box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); position: relative; z-index: 1; } </style> <?php } /** * Communicates the sidebars that appeared on the page at the very end of the page, * and at the very end of the wp_footer, * * @since 3.9.0 * * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function export_preview_data() { global $wp_registered_sidebars, $wp_registered_widgets; $switched_locale = switch_to_user_locale( get_current_user_id() ); $l10n = array( 'widgetTooltip' => __( 'Shift-click to edit this widget.' ), ); if ( $switched_locale ) { restore_previous_locale(); } $rendered_sidebars = array_filter( $this->rendered_sidebars ); $rendered_widgets = array_filter( $this->rendered_widgets ); // Prepare Customizer settings to pass to JavaScript. $settings = array( 'renderedSidebars' => array_fill_keys( array_keys( $rendered_sidebars ), true ), 'renderedWidgets' => array_fill_keys( array_keys( $rendered_widgets ), true ), 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'l10n' => $l10n, 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } wp_print_inline_script_tag( sprintf( 'var _wpWidgetCustomizerPreviewSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Tracks the widgets that were rendered. * * @since 3.9.0 * * @param array $widget Rendered widget to tally. */ public function tally_rendered_widgets( $widget ) { $this->rendered_widgets[ $widget['id'] ] = true; } /** * Determine if a widget is rendered on the page. * * @since 4.0.0 * * @param string $widget_id Widget ID to check. * @return bool Whether the widget is rendered. */ public function is_widget_rendered( $widget_id ) { return ! empty( $this->rendered_widgets[ $widget_id ] ); } /** * Determines if a sidebar is rendered on the page. * * @since 4.0.0 * * @param string $sidebar_id Sidebar ID to check. * @return bool Whether the sidebar is rendered. */ public function is_sidebar_rendered( $sidebar_id ) { return ! empty( $this->rendered_sidebars[ $sidebar_id ] ); } /** * Tallies the sidebars rendered via is_active_sidebar(). * * Keep track of the times that is_active_sidebar() is called in the template, * and assume that this means that the sidebar would be rendered on the template * if there were widgets populating it. * * @since 3.9.0 * * @param bool $is_active Whether the sidebar is active. * @param string $sidebar_id Sidebar ID. * @return bool Whether the sidebar is active. */ public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'dynamic_sidebar_has_widgets' if we want to ensure that there * is an area to drop widgets into, if the sidebar is empty. */ return $is_active; } /** * Tallies the sidebars rendered via dynamic_sidebar(). * * Keep track of the times that dynamic_sidebar() is called in the template, * and assume this means the sidebar would be rendered on the template if * there were widgets populating it. * * @since 3.9.0 * * @param bool $has_widgets Whether the current sidebar has widgets. * @param string $sidebar_id Sidebar ID. * @return bool Whether the current sidebar has widgets. */ public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'is_active_sidebar' if we want to ensure there is an area to * drop widgets into, if the sidebar is empty. */ return $has_widgets; } /** * Retrieves MAC for a serialized widget instance string. * * Allows values posted back from JS to be rejected if any tampering of the * data has occurred. * * @since 3.9.0 * * @param string $serialized_instance Widget instance. * @return string MAC for serialized widget instance. */ protected function get_instance_hash_key( $serialized_instance ) { return wp_hash( $serialized_instance ); } /** * Sanitizes a widget instance. * * Unserialize the JS-instance for storing in the options. It's important that this filter * only get applied to an instance *once*. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to sanitize. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array|void Sanitized widget instance. */ public function sanitize_widget_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( array() === $value ) { return $value; } if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) { /* * The content of the 'block' widget is not filtered on the fly while editing. * Filter the content here to prevent vulnerabilities. */ $value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] ); } return $value['raw_instance']; } } if ( empty( $value['is_widget_customizer_js_value'] ) || empty( $value['instance_hash_key'] ) || empty( $value['encoded_serialized_instance'] ) ) { return; } $decoded = base64_decode( $value['encoded_serialized_instance'], true ); if ( false === $decoded ) { return; } if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) { return; } $instance = unserialize( $decoded ); if ( false === $instance ) { return; } return $instance; } /** * Converts a widget instance into JSON-representable format. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to convert to JSON. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array JSON-converted widget instance. */ public function sanitize_widget_js_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( empty( $value['is_widget_customizer_js_value'] ) ) { $serialized = serialize( $value ); $js_value = array( 'encoded_serialized_instance' => base64_encode( $serialized ), 'title' => empty( $value['title'] ) ? '' : $value['title'], 'is_widget_customizer_js_value' => true, 'instance_hash_key' => $this->get_instance_hash_key( $serialized ), ); if ( $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { $js_value['raw_instance'] = (object) $value; } } return $js_value; } return $value; } /** * Strips out widget IDs for widgets which are no longer registered. * * One example where this might happen is when a plugin orphans a widget * in a sidebar upon deactivation. * * @since 3.9.0 * * @global array $wp_registered_widgets * * @param array $widget_ids List of widget IDs. * @return array Parsed list of widget IDs. */ public function sanitize_sidebar_widgets_js_instance( $widget_ids ) { global $wp_registered_widgets; $widget_ids = array_values( array_intersect( $widget_ids, array_keys( $wp_registered_widgets ) ) ); return $widget_ids; } /** * Finds and invokes the widget update and control callbacks. * * Requires that `$_POST` be populated with the instance data. * * @since 3.9.0 * * @global array $wp_registered_widget_updates * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return array|WP_Error Array containing the updated widget information. * A WP_Error object, otherwise. */ public function call_widget_update( $widget_id ) { global $wp_registered_widget_updates, $wp_registered_widget_controls; $setting_id = $this->get_setting_id( $widget_id ); /* * Make sure that other setting changes have previewed since this widget * may depend on them (e.g. Menus being present for Navigation Menu widget). */ if ( ! did_action( 'customize_preview_init' ) ) { foreach ( $this->manager->settings() as $setting ) { if ( $setting->id !== $setting_id ) { $setting->preview(); } } } $this->start_capturing_option_updates(); $parsed_id = $this->parse_widget_id( $widget_id ); $option_name = 'widget_' . $parsed_id['id_base']; /* * If a previously-sanitized instance is provided, populate the input vars * with its values so that the widget update callback will read this instance */ $added_input_vars = array(); if ( ! empty( $_POST['sanitized_widget_setting'] ) ) { $sanitized_widget_setting = json_decode( $this->get_post_value( 'sanitized_widget_setting' ), true ); if ( false === $sanitized_widget_setting ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_malformed' ); } $instance = $this->sanitize_widget_instance( $sanitized_widget_setting, $parsed_id['id_base'] ); if ( is_null( $instance ) ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unsanitized' ); } if ( ! is_null( $parsed_id['number'] ) ) { $value = array(); $value[ $parsed_id['number'] ] = $instance; $key = 'widget-' . $parsed_id['id_base']; $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } else { foreach ( $instance as $key => $value ) { $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } } } // Invoke the widget update callback. foreach ( (array) $wp_registered_widget_updates as $name => $control ) { if ( $name === $parsed_id['id_base'] && is_callable( $control['callback'] ) ) { ob_start(); call_user_func_array( $control['callback'], $control['params'] ); ob_end_clean(); break; } } // Clean up any input vars that were manually added. foreach ( $added_input_vars as $key ) { unset( $_POST[ $key ] ); unset( $_REQUEST[ $key ] ); } // Make sure the expected option was updated. if ( 0 !== $this->count_captured_options() ) { if ( $this->count_captured_options() > 1 ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_too_many_options' ); } $updated_option_name = key( $this->get_captured_options() ); if ( $updated_option_name !== $option_name ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unexpected_option' ); } } // Obtain the widget instance. $option = $this->get_captured_option( $option_name ); if ( null !== $parsed_id['number'] ) { $instance = $option[ $parsed_id['number'] ]; } else { $instance = $option; } /* * Override the incoming $_POST['customized'] for a newly-created widget's * setting with the new $instance so that the preview filter currently * in place from WP_Customize_Setting::preview() will use this value * instead of the default widget instance value (an empty array). */ $this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance, $parsed_id['id_base'] ) ); // Obtain the widget control with the updated instance in place. ob_start(); $form = $wp_registered_widget_controls[ $widget_id ]; if ( $form ) { call_user_func_array( $form['callback'], $form['params'] ); } $form = ob_get_clean(); $this->stop_capturing_option_updates(); return compact( 'instance', 'form' ); } /** * Updates widget settings asynchronously. * * Allows the Customizer to update a widget using its form, but return the new * instance info via Ajax instead of saving it to the options table. * * Most code here copied from wp_ajax_save_widget(). * * @since 3.9.0 * * @see wp_ajax_save_widget() */ public function wp_ajax_update_widget() { if ( ! is_user_logged_in() ) { wp_die( 0 ); } check_ajax_referer( 'update-widget', 'nonce' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } if ( empty( $_POST['widget-id'] ) ) { wp_send_json_error( 'missing_widget-id' ); } /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $widget_id = $this->get_post_value( 'widget-id' ); $parsed_id = $this->parse_widget_id( $widget_id ); $id_base = $parsed_id['id_base']; $is_updating_widget_template = ( isset( $_POST[ 'widget-' . $id_base ] ) && is_array( $_POST[ 'widget-' . $id_base ] ) && preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) ) ); if ( $is_updating_widget_template ) { wp_send_json_error( 'template_widget_not_updatable' ); } $updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form} if ( is_wp_error( $updated_widget ) ) { wp_send_json_error( $updated_widget->get_error_code() ); } $form = $updated_widget['form']; $instance = $this->sanitize_widget_js_instance( $updated_widget['instance'], $id_base ); wp_send_json_success( compact( 'form', 'instance' ) ); } /* * Selective Refresh Methods */ /** * Filters arguments for dynamic widget partials. * * @since 4.5.0 * * @param array|false $partial_args Partial arguments. * @param string $partial_id Partial ID. * @return array (Maybe) modified partial arguments. */ public function customize_dynamic_partial_args( $partial_args, $partial_id ) { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return $partial_args; } if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) { if ( false === $partial_args ) { $partial_args = array(); } $partial_args = array_merge( $partial_args, array( 'type' => 'widget', 'render_callback' => array( $this, 'render_widget_partial' ), 'container_inclusive' => true, 'settings' => array( $this->get_setting_id( $matches['widget_id'] ) ), 'capability' => 'edit_theme_options', ) ); } return $partial_args; } /** * Adds hooks for selective refresh. * * @since 4.5.0 */ public function selective_refresh_init() { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return; } add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) ); add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) ); add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) ); add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) ); } /** * Inject selective refresh data attributes into widget container elements. * * @since 4.5.0 * * @see WP_Customize_Nav_Menus::filter_wp_nav_menu_args() * * @param array $params { * Dynamic sidebar params. * * @type array $args Sidebar args. * @type array $widget_args Widget args. * } * @return array Params. */ public function filter_dynamic_sidebar_params( $params ) { $sidebar_args = array_merge( array( 'before_widget' => '', 'after_widget' => '', ), $params[0] ); // Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to. $matches = array(); $is_valid = ( isset( $sidebar_args['id'] ) && is_registered_sidebar( $sidebar_args['id'] ) && ( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] ) && preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches ) ); if ( ! $is_valid ) { return $params; } $this->before_widget_tags_seen[ $matches['tag_name'] ] = true; $context = array( 'sidebar_id' => $sidebar_args['id'], ); if ( isset( $this->context_sidebar_instance_number ) ) { $context['sidebar_instance_number'] = $this->context_sidebar_instance_number; } elseif ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) { $context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ]; } $attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) ); $attributes .= ' data-customize-partial-type="widget"'; $attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) ); $attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) ); $sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] ); $params[0] = $sidebar_args; return $params; } /** * List of the tag names seen for before_widget strings. * * This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the * data-* attributes can be allowed. * * @since 4.5.0 * @var array */ protected $before_widget_tags_seen = array(); /** * Ensures the HTML data-* attributes for selective refresh are allowed by kses. * * This is needed in case the `$before_widget` is run through wp_kses() when printed. * * @since 4.5.0 * * @param array $allowed_html Allowed HTML. * @return array (Maybe) modified allowed HTML. */ public function filter_wp_kses_allowed_data_attributes( $allowed_html ) { foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) { if ( ! isset( $allowed_html[ $tag_name ] ) ) { $allowed_html[ $tag_name ] = array(); } $allowed_html[ $tag_name ] = array_merge( $allowed_html[ $tag_name ], array_fill_keys( array( 'data-customize-partial-id', 'data-customize-partial-type', 'data-customize-partial-placement-context', 'data-customize-partial-widget-id', 'data-customize-partial-options', ), true ) ); } return $allowed_html; } /** * Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index. * * This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template. * * @since 4.5.0 * @var array */ protected $sidebar_instance_count = array(); /** * The current request's sidebar_instance_number context. * * @since 4.5.0 * @var int|null */ protected $context_sidebar_instance_number; /** * Current sidebar ID being rendered. * * @since 4.5.0 * @var array */ protected $current_dynamic_sidebar_id_stack = array(); /** * Begins keeping track of the current sidebar being rendered. * * Insert marker before widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function start_dynamic_sidebar( $index ) { array_unshift( $this->current_dynamic_sidebar_id_stack, $index ); if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) { $this->sidebar_instance_count[ $index ] = 0; } $this->sidebar_instance_count[ $index ] += 1; if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Finishes keeping track of the current sidebar being rendered. * * Inserts a marker after widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function end_dynamic_sidebar( $index ) { array_shift( $this->current_dynamic_sidebar_id_stack ); if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Current sidebar being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_widget_id; /** * Current widget being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_sidebar_id; /** * Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar. * * @since 4.5.0 * * @param array $sidebars_widgets Sidebars widgets. * @return array Filtered sidebars widgets. */ public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) { $sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id ); return $sidebars_widgets; } /** * Renders a specific widget using the supplied sidebar arguments. * * @since 4.5.0 * * @see dynamic_sidebar() * * @param WP_Customize_Partial $partial Partial. * @param array $context { * Sidebar args supplied as container context. * * @type string $sidebar_id ID for sidebar for widget to render into. * @type int $sidebar_instance_number Disambiguating instance number. * } * @return string|false */ public function render_widget_partial( $partial, $context ) { $id_data = $partial->id_data(); $widget_id = array_shift( $id_data['keys'] ); if ( ! is_array( $context ) || empty( $context['sidebar_id'] ) || ! is_registered_sidebar( $context['sidebar_id'] ) ) { return false; } $this->rendering_sidebar_id = $context['sidebar_id']; if ( isset( $context['sidebar_instance_number'] ) ) { $this->context_sidebar_instance_number = (int) $context['sidebar_instance_number']; } // Filter sidebars_widgets so that only the queried widget is in the sidebar. $this->rendering_widget_id = $widget_id; $filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' ); add_filter( 'sidebars_widgets', $filter_callback, 1000 ); // Render the widget. ob_start(); $this->rendering_sidebar_id = $context['sidebar_id']; dynamic_sidebar( $this->rendering_sidebar_id ); $container = ob_get_clean(); // Reset variables for next partial render. remove_filter( 'sidebars_widgets', $filter_callback, 1000 ); $this->context_sidebar_instance_number = null; $this->rendering_sidebar_id = null; $this->rendering_widget_id = null; return $container; } // // Option Update Capturing. // /** * List of captured widget option updates. * * @since 3.9.0 * @var array $_captured_options Values updated while option capture is happening. */ protected $_captured_options = array(); /** * Whether option capture is currently happening. * * @since 3.9.0 * @var bool $_is_current Whether option capture is currently happening or not. */ protected $_is_capturing_option_updates = false; /** * Determines whether the captured option update should be ignored. * * @since 3.9.0 * * @param string $option_name Option name. * @return bool Whether the option capture is ignored. */ protected function is_option_capture_ignored( $option_name ) { return ( str_starts_with( $option_name, '_transient_' ) ); } /** * Retrieves captured widget option updates. * * @since 3.9.0 * * @return array Array of captured options. */ protected function get_captured_options() { return $this->_captured_options; } /** * Retrieves the option that was captured from being saved. * * @since 4.2.0 * * @param string $option_name Option name. * @param mixed $default_value Optional. Default value to return if the option does not exist. Default false. * @return mixed Value set for the option. */ protected function get_captured_option( $option_name, $default_value = false ) { if ( array_key_exists( $option_name, $this->_captured_options ) ) { $value = $this->_captured_options[ $option_name ]; } else { $value = $default_value; } return $value; } /** * Retrieves the number of captured widget option updates. * * @since 3.9.0 * * @return int Number of updated options. */ protected function count_captured_options() { return count( $this->_captured_options ); } /** * Begins keeping track of changes to widget options, caching new values. * * @since 3.9.0 */ protected function start_capturing_option_updates() { if ( $this->_is_capturing_option_updates ) { return; } $this->_is_capturing_option_updates = true; add_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 ); } /** * Pre-filters captured option values before updating. * * @since 3.9.0 * * @param mixed $new_value The new option value. * @param string $option_name Name of the option. * @param mixed $old_value The old option value. * @return mixed Filtered option value. */ public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) { if ( $this->is_option_capture_ignored( $option_name ) ) { return $new_value; } if ( ! isset( $this->_captured_options[ $option_name ] ) ) { add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options[ $option_name ] = $new_value; return $old_value; } /** * Pre-filters captured option values before retrieving. * * @since 3.9.0 * * @param mixed $value Value to return instead of the option value. * @return mixed Filtered option value. */ public function capture_filter_pre_get_option( $value ) { $option_name = preg_replace( '/^pre_option_/', '', current_filter() ); if ( isset( $this->_captured_options[ $option_name ] ) ) { $value = $this->_captured_options[ $option_name ]; /** This filter is documented in wp-includes/option.php */ $value = apply_filters( 'option_' . $option_name, $value, $option_name ); } return $value; } /** * Undoes any changes to the options since options capture began. * * @since 3.9.0 */ protected function stop_capturing_option_updates() { if ( ! $this->_is_capturing_option_updates ) { return; } remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 ); foreach ( array_keys( $this->_captured_options ) as $option_name ) { remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options = array(); $this->_is_capturing_option_updates = false; } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function setup_widget_addition_previews() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_sidebars_widgets() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_widget_instance() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function remove_prepreview_filters() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } } HTTP/https-detection-20260605125235-20260610055824.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/ClientException-20260605053336.php 0000666 00000000515 15226703613 0012531 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-detection-20260605080452-20260606181328.php 0000666 00000013341 15226703613 0014144 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605090852.php 0000666 00000011205 15226703613 0012567 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/default-widgets-20260605060208.php 0000666 00000004367 15226703613 0012531 0 ustar 00 <?php /** * Widget API: Default core widgets * * @package WordPress * @subpackage Widgets * @since 2.8.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** WP_Widget_Pages class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-pages.php'; /** WP_Widget_Links class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-links.php'; /** WP_Widget_Search class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-search.php'; /** WP_Widget_Archives class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-archives.php'; /** WP_Widget_Media class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media.php'; /** WP_Widget_Media_Audio class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-audio.php'; /** WP_Widget_Media_Image class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-image.php'; /** WP_Widget_Media_Video class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-video.php'; /** WP_Widget_Media_Gallery class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-gallery.php'; /** WP_Widget_Meta class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-meta.php'; /** WP_Widget_Calendar class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-calendar.php'; /** WP_Widget_Text class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-text.php'; /** WP_Widget_Categories class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-categories.php'; /** WP_Widget_Recent_Posts class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-recent-posts.php'; /** WP_Widget_Recent_Comments class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-recent-comments.php'; /** WP_Widget_RSS class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-rss.php'; /** WP_Widget_Tag_Cloud class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-tag-cloud.php'; /** WP_Nav_Menu_Widget class */ require_once ABSPATH . WPINC . '/widgets/class-wp-nav-menu-widget.php'; /** WP_Widget_Custom_HTML class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-custom-html.php'; /** WP_Widget_Block class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-block.php'; HTTP/class-wp-oembed-20260605042101.php 0000666 00000075666 15226703613 0012425 0 ustar 00 <?php /** * API for fetching the HTML to embed remote content based on a provided URL * * Used internally by the WP_Embed class, but is designed to be generic. * * @link https://developer.wordpress.org/advanced-administration/wordpress/oembed/ * @link http://oembed.com/ * * @package WordPress * @subpackage oEmbed */ /** * Core class used to implement oEmbed functionality. * * @since 2.9.0 */ #[AllowDynamicProperties] class WP_oEmbed { /** * A list of oEmbed providers. * * @since 2.9.0 * @var array */ public $providers = array(); /** * A list of an early oEmbed providers. * * @since 4.0.0 * @var array */ public static $early_providers = array(); /** * A list of private/protected methods, used for backward compatibility. * * @since 4.2.0 * @var array */ private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); /** * Constructor. * * @since 2.9.0 */ public function __construct() { $host = urlencode( home_url() ); $providers = array( '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/shorts/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/live/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), '#https?://(.+\.)?crowdsignal\.net/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://app.mixcloud.com/oembed/', true ), '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), '#https?://(.+)\.tumblr\.com/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://(www\.)?tiktok\.com/.*/video/.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://(www\.)?tiktok\.com/@.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://([a-z]{2}|www)\.pinterest\.com(\.(au|mx))?/.*#i' => array( 'https://www.pinterest.com/oembed.json', true ), '#https?://(www\.)?wolframcloud\.com/obj/.+#i' => array( 'https://www.wolframcloud.com/oembed', true ), '#https?://pca\.st/.+#i' => array( 'https://pca.st/oembed.json', true ), '#https?://((play|www)\.)?anghami\.com/.*#i' => array( 'https://api.anghami.com/rest/v1/oembed.view', true ), '#https?://bsky.app/profile/.*/post/.*#i' => array( 'https://embed.bsky.app/oembed', true ), '#https?://(www\.)?canva\.com/design/.*/view.*#i' => array( 'https://canva.com/_oembed', true ), ); if ( ! empty( self::$early_providers['add'] ) ) { foreach ( self::$early_providers['add'] as $format => $data ) { $providers[ $format ] = $data; } } if ( ! empty( self::$early_providers['remove'] ) ) { foreach ( self::$early_providers['remove'] as $format ) { unset( $providers[ $format ] ); } } self::$early_providers = array(); /** * Filters the list of sanctioned oEmbed providers. * * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. * * Supported providers: * * | Provider | Flavor | Since | * | ------------ | ----------------------------------------- | ------- | * | Dailymotion | dailymotion.com | 2.9.0 | * | Flickr | flickr.com | 2.9.0 | * | Scribd | scribd.com | 2.9.0 | * | Vimeo | vimeo.com | 2.9.0 | * | WordPress.tv | wordpress.tv | 2.9.0 | * | YouTube | youtube.com/watch | 2.9.0 | * | Crowdsignal | polldaddy.com | 3.0.0 | * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | * | Flickr | flic.kr | 3.6.0 | * | Spotify | spotify.com | 3.6.0 | * | Imgur | imgur.com | 3.9.0 | * | Animoto | animoto.com | 4.0.0 | * | Animoto | video214.com | 4.0.0 | * | Issuu | issuu.com | 4.0.0 | * | Mixcloud | mixcloud.com | 4.0.0 | * | Crowdsignal | poll.fm | 4.0.0 | * | TED | ted.com | 4.0.0 | * | YouTube | youtube.com/playlist | 4.0.0 | * | Tumblr | tumblr.com | 4.2.0 | * | Kickstarter | kickstarter.com | 4.2.0 | * | Kickstarter | kck.st | 4.2.0 | * | Cloudup | cloudup.com | 4.3.0 | * | ReverbNation | reverbnation.com | 4.4.0 | * | VideoPress | videopress.com | 4.4.0 | * | Reddit | reddit.com | 4.4.0 | * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | * | Screencast | screencast.com | 4.8.0 | * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | * | Amazon | amazon.co.jp (com.au) | 4.9.0 | * | Amazon | amazon.cn | 4.9.0 | * | Amazon | a.co | 4.9.0 | * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | * | Amazon | z.cn | 4.9.0 | * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | * | TikTok | tiktok.com | 5.4.0 | * | Pinterest | pinterest.com | 5.9.0 | * | WolframCloud | wolframcloud.com | 5.9.0 | * | Pocket Casts | pocketcasts.com | 6.1.0 | * | Crowdsignal | crowdsignal.net | 6.2.0 | * | Anghami | anghami.com | 6.3.0 | * | Bluesky | bsky.app | 6.6.0 | * | Canva | canva.com | 6.8.0 | * * No longer supported providers: * * | Provider | Flavor | Since | Removed | * | ------------ | -------------------- | --------- | --------- | * | Qik | qik.com | 2.9.0 | 3.9.0 | * | Viddler | viddler.com | 2.9.0 | 4.0.0 | * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | * | Blip | blip.tv | 2.9.0 | 4.4.0 | * | Rdio | rdio.com | 3.6.0 | 4.4.1 | * | Rdio | rd.io | 3.6.0 | 4.4.1 | * | Vine | vine.co | 4.1.0 | 4.9.0 | * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * | Hulu | hulu.com | 2.9.0 | 5.5.0 | * | Instagram | instagram.com | 3.5.0 | 5.5.2 | * | Instagram | instagr.am | 3.5.0 | 5.5.2 | * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | * | Facebook | facebook.com | 4.7.0 | 5.5.2 | * | Meetup.com | meetup.com | 3.9.0 | 6.0.1 | * | Meetup.com | meetu.ps | 3.9.0 | 6.0.1 | * | SlideShare | slideshare.net | 3.5.0 | 6.6.0 | * | Screencast | screencast.com | 4.8.0 | 6.8.2 | * * @see wp_oembed_add_provider() * * @since 2.9.0 * * @param array[] $providers An array of arrays containing data about popular oEmbed providers. */ $this->providers = apply_filters( 'oembed_providers', $providers ); // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } /** * Exposes private/protected methods for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * * @since 4.0.0 * * @see WP_oEmbed::discover() * * @param string $url The URL to the content. * @param string|array $args { * Optional. Additional provider arguments. Default empty. * * @type bool $discover Optional. Determines whether to attempt to discover link tags * at the given URL for an oEmbed provider when the provider URL * is not found in the built-in providers list. Default true. * } * @return string|false The oEmbed provider URL on success, false on failure. */ public function get_provider( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = false; if ( ! isset( $args['discover'] ) ) { $args['discover'] = true; } foreach ( $this->providers as $matchmask => $data ) { list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex. if ( ! $regex ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML. break; } } if ( ! $provider && $args['discover'] ) { $provider = $this->discover( $url ); } return $provider; } /** * Adds an oEmbed provider. * * The provider is added just-in-time when wp_oembed_add_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_add_provider() * * @param string $format Format of URL that this provider can handle. You can use * asterisks as wildcards. * @param string $provider The URL to the oEmbed provider.. * @param bool $regex Optional. Whether the $format parameter is in a regex format. * Default false. */ public static function _add_provider_early( $format, $provider, $regex = false ) { if ( empty( self::$early_providers['add'] ) ) { self::$early_providers['add'] = array(); } self::$early_providers['add'][ $format ] = array( $provider, $regex ); } /** * Removes an oEmbed provider. * * The provider is removed just-in-time when wp_oembed_remove_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_remove_provider() * * @param string $format The format of URL that this provider can handle. You can use * asterisks as wildcards. */ public static function _remove_provider_early( $format ) { if ( empty( self::$early_providers['remove'] ) ) { self::$early_providers['remove'] = array(); } self::$early_providers['remove'][] = $format; } /** * Takes a URL and attempts to return the oEmbed data. * * @see WP_oEmbed::fetch() * * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function get_data( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = $this->get_provider( $url, $args ); if ( ! $provider ) { return false; } $data = $this->fetch( $provider, $url, $args ); if ( false === $data ) { return false; } return $data; } /** * The do-it-all function that takes a URL and attempts to return the HTML. * * @see WP_oEmbed::fetch() * @see WP_oEmbed::data2html() * * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed * on success, false on failure. */ public function get_html( $url, $args = '' ) { /** * Filters the oEmbed result before any HTTP requests are made. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Returning a non-null value from the filter will effectively short-circuit retrieval * and return the passed value instead. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. * Default null to continue retrieving the result. * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); if ( null !== $pre ) { return $pre; } $data = $this->get_data( $url, $args ); if ( false === $data ) { return false; } /** * Filters the HTML returned by the oEmbed provider. * * @since 2.9.0 * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } /** * Attempts to discover link tags at the given URL for an oEmbed provider. * * @since 2.9.0 * * @param string $url The URL that should be inspected for discovery `<link>` tags. * @return string|false The oEmbed provider URL on success, false on failure. */ public function discover( $url ) { $providers = array(); $args = array( 'limit_response_size' => 153600, // 150 KB ); /** * Filters oEmbed remote get arguments. * * @since 4.0.0 * * @see WP_Http::request() * * @param array $args oEmbed remote get arguments. * @param string $url URL to be inspected. */ $args = apply_filters( 'oembed_remote_get_args', $args, $url ); // Fetch URL content. $request = wp_safe_remote_get( $url, $args ); $html = wp_remote_retrieve_body( $request ); if ( $html ) { /** * Filters the link types that contain oEmbed provider URLs. * * @since 2.9.0 * * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, * used by at least Vimeo). */ $linktypes = apply_filters( 'oembed_linktypes', array( 'application/json+oembed' => 'json', 'text/xml+oembed' => 'xml', 'application/xml+oembed' => 'xml', ) ); // Strip <body>. $html_head_end = stripos( $html, '</head>' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } // Do a quick check. $tagfound = false; foreach ( $linktypes as $linktype => $format ) { if ( stripos( $html, $linktype ) ) { $tagfound = true; break; } } if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html, $links ) ) { foreach ( $links[1] as $link ) { $atts = shortcode_parse_atts( $link ); if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); // Stop here if it's JSON (that's all we need). if ( 'json' === $linktypes[ $atts['type'] ] ) { break; } } } } } // JSON is preferred to XML. if ( ! empty( $providers['json'] ) ) { return $providers['json']; } elseif ( ! empty( $providers['xml'] ) ) { return $providers['xml']; } else { return false; } } /** * Connects to an oEmbed provider and returns the result. * * @since 2.9.0 * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function fetch( $provider, $url, $args = '' ) { $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); $provider = add_query_arg( 'url', urlencode( $url ), $provider ); $provider = add_query_arg( 'dnt', 1, $provider ); /** * Filters the oEmbed URL to be fetched. * * @since 2.9.0 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. * @param array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); foreach ( array( 'json', 'xml' ) as $format ) { $result = $this->_fetch_with_format( $provider, $format ); if ( is_wp_error( $result ) && 'not-implemented' === $result->get_error_code() ) { continue; } return ( $result && ! is_wp_error( $result ) ) ? $result : false; } return false; } /** * Fetches result from an oEmbed provider for a specific format and complete provider URL * * @since 3.0.0 * * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) * @param string $format Format to use. * @return object|false|WP_Error The result in the form of an object on success, false on failure. */ private function _fetch_with_format( $provider_url_with_args, $format ) { $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); /** This filter is documented in wp-includes/class-wp-oembed.php */ $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); $response = wp_safe_remote_get( $provider_url_with_args, $args ); if ( 501 === wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'not-implemented' ); } $body = wp_remote_retrieve_body( $response ); if ( ! $body ) { return false; } $parse_method = "_parse_$format"; return $this->$parse_method( $body ); } /** * Parses a json response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_json( $response_body ) { $data = json_decode( trim( $response_body ) ); return ( $data && is_object( $data ) ) ? $data : false; } /** * Parses an XML response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_xml( $response_body ) { if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { return false; } if ( PHP_VERSION_ID < 80000 ) { /* * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading * is disabled by default, so this function is no longer needed to protect against XXE attacks. */ $loader = libxml_disable_entity_loader( true ); } $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated libxml_disable_entity_loader( $loader ); } return $return; } /** * Serves as a helper function for parsing an XML response body. * * @since 3.6.0 * * @param string $response_body * @return stdClass|false */ private function _parse_xml_body( $response_body ) { if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { return false; } $dom = new DOMDocument(); $success = $dom->loadXML( $response_body ); if ( ! $success ) { return false; } if ( isset( $dom->doctype ) ) { return false; } foreach ( $dom->childNodes as $child ) { if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { return false; } } $xml = simplexml_import_dom( $dom ); if ( ! $xml ) { return false; } $return = new stdClass(); foreach ( $xml as $key => $value ) { $return->$key = (string) $value; } return $return; } /** * Converts a data object from WP_oEmbed::fetch() and returns the HTML. * * @since 2.9.0 * * @param object $data A data object result from an oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @return string|false The HTML needed to embed on success, false on failure. */ public function data2html( $data, $url ) { if ( ! is_object( $data ) || empty( $data->type ) ) { return false; } $return = false; switch ( $data->type ) { case 'photo': if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { break; } if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { break; } $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; $return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr( $title ) . '" width="' . esc_attr( $data->width ) . '" height="' . esc_attr( $data->height ) . '" /></a>'; break; case 'video': case 'rich': if ( ! empty( $data->html ) && is_string( $data->html ) ) { $return = $data->html; } break; case 'link': if ( ! empty( $data->title ) && is_string( $data->title ) ) { $return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>'; } break; default: $return = false; } /** * Filters the returned oEmbed HTML. * * Use this filter to add support for custom data types, or to filter the result. * * @since 2.9.0 * * @param string|false $return The returned oEmbed HTML, or false on failure. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } /** * Strips any new lines from the HTML. * * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * * @param string|false $html Existing HTML. * @param object $data Data object from WP_oEmbed::data2html() * @param string $url The original URL passed to oEmbed. * @return string|false Possibly modified $html. */ public function _strip_newlines( $html, $data, $url ) { if ( ! str_contains( $html, "\n" ) ) { return $html; } $count = 1; $found = array(); $token = '__PRE__'; $search = array( "\t", "\n", "\r", ' ' ); $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); $tokenized = str_replace( $search, $replace, $html ); preg_match_all( '#(<pre[^>]*>.+?</pre>)#i', $tokenized, $matches, PREG_SET_ORDER ); foreach ( $matches as $i => $match ) { $tag_html = str_replace( $replace, $search, $match[0] ); $tag_token = $token . $i; $found[ $tag_token ] = $tag_html; $html = str_replace( $tag_html, $tag_token, $html, $count ); } $replaced = str_replace( $replace, $search, $html ); $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); $pre = array_values( $found ); $tokens = array_keys( $found ); return str_replace( $tokens, $pre, $stripped ); } } HTTP/https-migration-20260605211440-20260607123936.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605170805-20260609190104.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606081222.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172328.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606000629-20260609051319.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-cookie.php 0000666 00000016335 15226703613 0012032 0 ustar 00 <?php /** * HTTP API: WP_Http_Cookie class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to encapsulate a single cookie object for internal use. * * Returned cookies are represented using this class, and when cookies are set, if they are not * already a WP_Http_Cookie() object, then they are turned into one. * * @todo The WordPress convention is to use underscores instead of camelCase for function and method * names. Need to switch to use underscores instead for the methods. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Cookie { /** * Cookie name. * * @since 2.8.0 * * @var string */ public $name; /** * Cookie value. * * @since 2.8.0 * * @var string */ public $value; /** * When the cookie expires. Unix timestamp or formatted date. * * @since 2.8.0 * * @var string|int|null */ public $expires; /** * Cookie URL path. * * @since 2.8.0 * * @var string */ public $path; /** * Cookie Domain. * * @since 2.8.0 * * @var string */ public $domain; /** * Cookie port or comma-separated list of ports. * * @since 2.8.0 * * @var int|string */ public $port; /** * host-only flag. * * @since 5.2.0 * * @var bool */ public $host_only; /** * Sets up this cookie object. * * The parameter $data should be either an associative array containing the indices names below * or a header string detailing it. * * @since 2.8.0 * @since 5.2.0 Added `host_only` to the `$data` parameter. * * @param string|array $data { * Raw cookie data as header string or data array. * * @type string $name Cookie name. * @type mixed $value Value. Should NOT already be urlencoded. * @type string|int|null $expires Optional. Unix timestamp or formatted date. Default null. * @type string $path Optional. Path. Default '/'. * @type string $domain Optional. Domain. Default host of parsed $requested_url. * @type int|string $port Optional. Port or comma-separated list of ports. Default null. * @type bool $host_only Optional. host-only storage flag. Default true. * } * @param string $requested_url The URL which the cookie was set on, used for default $domain * and $port values. */ public function __construct( $data, $requested_url = '' ) { if ( $requested_url ) { $parsed_url = parse_url( $requested_url ); } if ( isset( $parsed_url['host'] ) ) { $this->domain = $parsed_url['host']; } $this->path = isset( $parsed_url['path'] ) ? $parsed_url['path'] : '/'; if ( ! str_ends_with( $this->path, '/' ) ) { $this->path = dirname( $this->path ) . '/'; } if ( is_string( $data ) ) { // Assume it's a header string direct from a previous request. $pairs = explode( ';', $data ); // Special handling for first pair; name=value. Also be careful of "=" in value. $name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) ); $value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 ); $this->name = $name; $this->value = urldecode( $value ); // Removes name=value from items. array_shift( $pairs ); // Set everything else as a property. foreach ( $pairs as $pair ) { $pair = rtrim( $pair ); // Handle the cookie ending in ; which results in an empty final pair. if ( empty( $pair ) ) { continue; } list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' ); $key = strtolower( trim( $key ) ); if ( 'expires' === $key ) { $val = strtotime( $val ); } $this->$key = $val; } } else { if ( ! isset( $data['name'] ) ) { return; } // Set properties based directly on parameters. foreach ( array( 'name', 'value', 'path', 'domain', 'port', 'host_only' ) as $field ) { if ( isset( $data[ $field ] ) ) { $this->$field = $data[ $field ]; } } if ( isset( $data['expires'] ) ) { $this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] ); } else { $this->expires = null; } } } /** * Confirms that it's OK to send this cookie to the URL checked against. * * Decision is based on RFC 2109/2965, so look there for details on validity. * * @since 2.8.0 * * @param string $url URL you intend to send this cookie to * @return bool true if allowed, false otherwise. */ public function test( $url ) { if ( is_null( $this->name ) ) { return false; } // Expires - if expired then nothing else matters. if ( isset( $this->expires ) && time() > $this->expires ) { return false; } // Get details on the URL we're thinking about sending to. $url = parse_url( $url ); $url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' === $url['scheme'] ? 443 : 80 ); $url['path'] = isset( $url['path'] ) ? $url['path'] : '/'; // Values to use for comparison against the URL. $path = isset( $this->path ) ? $this->path : '/'; $port = isset( $this->port ) ? $this->port : null; $domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] ); if ( false === stripos( $domain, '.' ) ) { $domain .= '.local'; } // Host - very basic check that the request URL ends with the domain restriction (minus leading dot). $domain = ( str_starts_with( $domain, '.' ) ) ? substr( $domain, 1 ) : $domain; if ( ! str_ends_with( $url['host'], $domain ) ) { return false; } // Port - supports "port-lists" in the format: "80,8000,8080". if ( ! empty( $port ) && ! in_array( $url['port'], array_map( 'intval', explode( ',', $port ) ), true ) ) { return false; } // Path - request path must start with path restriction. if ( ! str_starts_with( $url['path'], $path ) ) { return false; } return true; } /** * Convert cookie name and value back to header string. * * @since 2.8.0 * * @return string Header encoded cookie name and value. */ public function getHeaderValue() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! isset( $this->name ) || ! isset( $this->value ) ) { return ''; } /** * Filters the header-encoded cookie value. * * @since 3.4.0 * * @param string $value The cookie value. * @param string $name The cookie name. */ return $this->name . '=' . apply_filters( 'wp_http_cookie_value', $this->value, $this->name ); } /** * Retrieve cookie header for usage in the rest of the WordPress HTTP API. * * @since 2.8.0 * * @return string */ public function getFullHeader() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid return 'Cookie: ' . $this->getHeaderValue(); } /** * Retrieves cookie attributes. * * @since 4.6.0 * * @return array { * List of attributes. * * @type string|int|null $expires When the cookie expires. Unix timestamp or formatted date. * @type string $path Cookie URL path. * @type string $domain Cookie domain. * } */ public function get_attributes() { return array( 'expires' => $this->expires, 'path' => $this->path, 'domain' => $this->domain, ); } } HTTP/https-migration-20260606113308-20260606174724.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605034026-20260613000854.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605221843-20260610130841.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/script-loader-react-refresh-runtime-20260615010126.php 0000666 00000000124 15226703613 0016400 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-detection-20260605174155-20260607234928.php 0000666 00000013341 15226703613 0014156 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260608070514-20260610054203.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606030927-20260610074000.php 0000666 00000013341 15226703613 0014126 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606062352-20260610194651.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606145445.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606103247-20260607165534.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605144850-20260610175225.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605094635.php 0000666 00000013341 15226703613 0012562 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606082906-20260607230825.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606061114-20260606143720.php 0000666 00000013341 15226703613 0014131 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606052425-20260607053723.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606224027.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-oembed-20260605045846.php 0000666 00000075666 15226703613 0012450 0 ustar 00 <?php /** * API for fetching the HTML to embed remote content based on a provided URL * * Used internally by the WP_Embed class, but is designed to be generic. * * @link https://developer.wordpress.org/advanced-administration/wordpress/oembed/ * @link http://oembed.com/ * * @package WordPress * @subpackage oEmbed */ /** * Core class used to implement oEmbed functionality. * * @since 2.9.0 */ #[AllowDynamicProperties] class WP_oEmbed { /** * A list of oEmbed providers. * * @since 2.9.0 * @var array */ public $providers = array(); /** * A list of an early oEmbed providers. * * @since 4.0.0 * @var array */ public static $early_providers = array(); /** * A list of private/protected methods, used for backward compatibility. * * @since 4.2.0 * @var array */ private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); /** * Constructor. * * @since 2.9.0 */ public function __construct() { $host = urlencode( home_url() ); $providers = array( '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/shorts/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/live/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), '#https?://(.+\.)?crowdsignal\.net/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://app.mixcloud.com/oembed/', true ), '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), '#https?://(.+)\.tumblr\.com/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://(www\.)?tiktok\.com/.*/video/.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://(www\.)?tiktok\.com/@.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://([a-z]{2}|www)\.pinterest\.com(\.(au|mx))?/.*#i' => array( 'https://www.pinterest.com/oembed.json', true ), '#https?://(www\.)?wolframcloud\.com/obj/.+#i' => array( 'https://www.wolframcloud.com/oembed', true ), '#https?://pca\.st/.+#i' => array( 'https://pca.st/oembed.json', true ), '#https?://((play|www)\.)?anghami\.com/.*#i' => array( 'https://api.anghami.com/rest/v1/oembed.view', true ), '#https?://bsky.app/profile/.*/post/.*#i' => array( 'https://embed.bsky.app/oembed', true ), '#https?://(www\.)?canva\.com/design/.*/view.*#i' => array( 'https://canva.com/_oembed', true ), ); if ( ! empty( self::$early_providers['add'] ) ) { foreach ( self::$early_providers['add'] as $format => $data ) { $providers[ $format ] = $data; } } if ( ! empty( self::$early_providers['remove'] ) ) { foreach ( self::$early_providers['remove'] as $format ) { unset( $providers[ $format ] ); } } self::$early_providers = array(); /** * Filters the list of sanctioned oEmbed providers. * * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. * * Supported providers: * * | Provider | Flavor | Since | * | ------------ | ----------------------------------------- | ------- | * | Dailymotion | dailymotion.com | 2.9.0 | * | Flickr | flickr.com | 2.9.0 | * | Scribd | scribd.com | 2.9.0 | * | Vimeo | vimeo.com | 2.9.0 | * | WordPress.tv | wordpress.tv | 2.9.0 | * | YouTube | youtube.com/watch | 2.9.0 | * | Crowdsignal | polldaddy.com | 3.0.0 | * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | * | Flickr | flic.kr | 3.6.0 | * | Spotify | spotify.com | 3.6.0 | * | Imgur | imgur.com | 3.9.0 | * | Animoto | animoto.com | 4.0.0 | * | Animoto | video214.com | 4.0.0 | * | Issuu | issuu.com | 4.0.0 | * | Mixcloud | mixcloud.com | 4.0.0 | * | Crowdsignal | poll.fm | 4.0.0 | * | TED | ted.com | 4.0.0 | * | YouTube | youtube.com/playlist | 4.0.0 | * | Tumblr | tumblr.com | 4.2.0 | * | Kickstarter | kickstarter.com | 4.2.0 | * | Kickstarter | kck.st | 4.2.0 | * | Cloudup | cloudup.com | 4.3.0 | * | ReverbNation | reverbnation.com | 4.4.0 | * | VideoPress | videopress.com | 4.4.0 | * | Reddit | reddit.com | 4.4.0 | * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | * | Screencast | screencast.com | 4.8.0 | * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | * | Amazon | amazon.co.jp (com.au) | 4.9.0 | * | Amazon | amazon.cn | 4.9.0 | * | Amazon | a.co | 4.9.0 | * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | * | Amazon | z.cn | 4.9.0 | * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | * | TikTok | tiktok.com | 5.4.0 | * | Pinterest | pinterest.com | 5.9.0 | * | WolframCloud | wolframcloud.com | 5.9.0 | * | Pocket Casts | pocketcasts.com | 6.1.0 | * | Crowdsignal | crowdsignal.net | 6.2.0 | * | Anghami | anghami.com | 6.3.0 | * | Bluesky | bsky.app | 6.6.0 | * | Canva | canva.com | 6.8.0 | * * No longer supported providers: * * | Provider | Flavor | Since | Removed | * | ------------ | -------------------- | --------- | --------- | * | Qik | qik.com | 2.9.0 | 3.9.0 | * | Viddler | viddler.com | 2.9.0 | 4.0.0 | * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | * | Blip | blip.tv | 2.9.0 | 4.4.0 | * | Rdio | rdio.com | 3.6.0 | 4.4.1 | * | Rdio | rd.io | 3.6.0 | 4.4.1 | * | Vine | vine.co | 4.1.0 | 4.9.0 | * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * | Hulu | hulu.com | 2.9.0 | 5.5.0 | * | Instagram | instagram.com | 3.5.0 | 5.5.2 | * | Instagram | instagr.am | 3.5.0 | 5.5.2 | * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | * | Facebook | facebook.com | 4.7.0 | 5.5.2 | * | Meetup.com | meetup.com | 3.9.0 | 6.0.1 | * | Meetup.com | meetu.ps | 3.9.0 | 6.0.1 | * | SlideShare | slideshare.net | 3.5.0 | 6.6.0 | * | Screencast | screencast.com | 4.8.0 | 6.8.2 | * * @see wp_oembed_add_provider() * * @since 2.9.0 * * @param array[] $providers An array of arrays containing data about popular oEmbed providers. */ $this->providers = apply_filters( 'oembed_providers', $providers ); // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } /** * Exposes private/protected methods for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * * @since 4.0.0 * * @see WP_oEmbed::discover() * * @param string $url The URL to the content. * @param string|array $args { * Optional. Additional provider arguments. Default empty. * * @type bool $discover Optional. Determines whether to attempt to discover link tags * at the given URL for an oEmbed provider when the provider URL * is not found in the built-in providers list. Default true. * } * @return string|false The oEmbed provider URL on success, false on failure. */ public function get_provider( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = false; if ( ! isset( $args['discover'] ) ) { $args['discover'] = true; } foreach ( $this->providers as $matchmask => $data ) { list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex. if ( ! $regex ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML. break; } } if ( ! $provider && $args['discover'] ) { $provider = $this->discover( $url ); } return $provider; } /** * Adds an oEmbed provider. * * The provider is added just-in-time when wp_oembed_add_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_add_provider() * * @param string $format Format of URL that this provider can handle. You can use * asterisks as wildcards. * @param string $provider The URL to the oEmbed provider.. * @param bool $regex Optional. Whether the $format parameter is in a regex format. * Default false. */ public static function _add_provider_early( $format, $provider, $regex = false ) { if ( empty( self::$early_providers['add'] ) ) { self::$early_providers['add'] = array(); } self::$early_providers['add'][ $format ] = array( $provider, $regex ); } /** * Removes an oEmbed provider. * * The provider is removed just-in-time when wp_oembed_remove_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_remove_provider() * * @param string $format The format of URL that this provider can handle. You can use * asterisks as wildcards. */ public static function _remove_provider_early( $format ) { if ( empty( self::$early_providers['remove'] ) ) { self::$early_providers['remove'] = array(); } self::$early_providers['remove'][] = $format; } /** * Takes a URL and attempts to return the oEmbed data. * * @see WP_oEmbed::fetch() * * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function get_data( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = $this->get_provider( $url, $args ); if ( ! $provider ) { return false; } $data = $this->fetch( $provider, $url, $args ); if ( false === $data ) { return false; } return $data; } /** * The do-it-all function that takes a URL and attempts to return the HTML. * * @see WP_oEmbed::fetch() * @see WP_oEmbed::data2html() * * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed * on success, false on failure. */ public function get_html( $url, $args = '' ) { /** * Filters the oEmbed result before any HTTP requests are made. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Returning a non-null value from the filter will effectively short-circuit retrieval * and return the passed value instead. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. * Default null to continue retrieving the result. * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); if ( null !== $pre ) { return $pre; } $data = $this->get_data( $url, $args ); if ( false === $data ) { return false; } /** * Filters the HTML returned by the oEmbed provider. * * @since 2.9.0 * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } /** * Attempts to discover link tags at the given URL for an oEmbed provider. * * @since 2.9.0 * * @param string $url The URL that should be inspected for discovery `<link>` tags. * @return string|false The oEmbed provider URL on success, false on failure. */ public function discover( $url ) { $providers = array(); $args = array( 'limit_response_size' => 153600, // 150 KB ); /** * Filters oEmbed remote get arguments. * * @since 4.0.0 * * @see WP_Http::request() * * @param array $args oEmbed remote get arguments. * @param string $url URL to be inspected. */ $args = apply_filters( 'oembed_remote_get_args', $args, $url ); // Fetch URL content. $request = wp_safe_remote_get( $url, $args ); $html = wp_remote_retrieve_body( $request ); if ( $html ) { /** * Filters the link types that contain oEmbed provider URLs. * * @since 2.9.0 * * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, * used by at least Vimeo). */ $linktypes = apply_filters( 'oembed_linktypes', array( 'application/json+oembed' => 'json', 'text/xml+oembed' => 'xml', 'application/xml+oembed' => 'xml', ) ); // Strip <body>. $html_head_end = stripos( $html, '</head>' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } // Do a quick check. $tagfound = false; foreach ( $linktypes as $linktype => $format ) { if ( stripos( $html, $linktype ) ) { $tagfound = true; break; } } if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html, $links ) ) { foreach ( $links[1] as $link ) { $atts = shortcode_parse_atts( $link ); if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); // Stop here if it's JSON (that's all we need). if ( 'json' === $linktypes[ $atts['type'] ] ) { break; } } } } } // JSON is preferred to XML. if ( ! empty( $providers['json'] ) ) { return $providers['json']; } elseif ( ! empty( $providers['xml'] ) ) { return $providers['xml']; } else { return false; } } /** * Connects to an oEmbed provider and returns the result. * * @since 2.9.0 * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function fetch( $provider, $url, $args = '' ) { $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); $provider = add_query_arg( 'url', urlencode( $url ), $provider ); $provider = add_query_arg( 'dnt', 1, $provider ); /** * Filters the oEmbed URL to be fetched. * * @since 2.9.0 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. * @param array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); foreach ( array( 'json', 'xml' ) as $format ) { $result = $this->_fetch_with_format( $provider, $format ); if ( is_wp_error( $result ) && 'not-implemented' === $result->get_error_code() ) { continue; } return ( $result && ! is_wp_error( $result ) ) ? $result : false; } return false; } /** * Fetches result from an oEmbed provider for a specific format and complete provider URL * * @since 3.0.0 * * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) * @param string $format Format to use. * @return object|false|WP_Error The result in the form of an object on success, false on failure. */ private function _fetch_with_format( $provider_url_with_args, $format ) { $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); /** This filter is documented in wp-includes/class-wp-oembed.php */ $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); $response = wp_safe_remote_get( $provider_url_with_args, $args ); if ( 501 === wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'not-implemented' ); } $body = wp_remote_retrieve_body( $response ); if ( ! $body ) { return false; } $parse_method = "_parse_$format"; return $this->$parse_method( $body ); } /** * Parses a json response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_json( $response_body ) { $data = json_decode( trim( $response_body ) ); return ( $data && is_object( $data ) ) ? $data : false; } /** * Parses an XML response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_xml( $response_body ) { if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { return false; } if ( PHP_VERSION_ID < 80000 ) { /* * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading * is disabled by default, so this function is no longer needed to protect against XXE attacks. */ $loader = libxml_disable_entity_loader( true ); } $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated libxml_disable_entity_loader( $loader ); } return $return; } /** * Serves as a helper function for parsing an XML response body. * * @since 3.6.0 * * @param string $response_body * @return stdClass|false */ private function _parse_xml_body( $response_body ) { if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { return false; } $dom = new DOMDocument(); $success = $dom->loadXML( $response_body ); if ( ! $success ) { return false; } if ( isset( $dom->doctype ) ) { return false; } foreach ( $dom->childNodes as $child ) { if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { return false; } } $xml = simplexml_import_dom( $dom ); if ( ! $xml ) { return false; } $return = new stdClass(); foreach ( $xml as $key => $value ) { $return->$key = (string) $value; } return $return; } /** * Converts a data object from WP_oEmbed::fetch() and returns the HTML. * * @since 2.9.0 * * @param object $data A data object result from an oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @return string|false The HTML needed to embed on success, false on failure. */ public function data2html( $data, $url ) { if ( ! is_object( $data ) || empty( $data->type ) ) { return false; } $return = false; switch ( $data->type ) { case 'photo': if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { break; } if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { break; } $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; $return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr( $title ) . '" width="' . esc_attr( $data->width ) . '" height="' . esc_attr( $data->height ) . '" /></a>'; break; case 'video': case 'rich': if ( ! empty( $data->html ) && is_string( $data->html ) ) { $return = $data->html; } break; case 'link': if ( ! empty( $data->title ) && is_string( $data->title ) ) { $return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>'; } break; default: $return = false; } /** * Filters the returned oEmbed HTML. * * Use this filter to add support for custom data types, or to filter the result. * * @since 2.9.0 * * @param string|false $return The returned oEmbed HTML, or false on failure. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } /** * Strips any new lines from the HTML. * * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * * @param string|false $html Existing HTML. * @param object $data Data object from WP_oEmbed::data2html() * @param string $url The original URL passed to oEmbed. * @return string|false Possibly modified $html. */ public function _strip_newlines( $html, $data, $url ) { if ( ! str_contains( $html, "\n" ) ) { return $html; } $count = 1; $found = array(); $token = '__PRE__'; $search = array( "\t", "\n", "\r", ' ' ); $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); $tokenized = str_replace( $search, $replace, $html ); preg_match_all( '#(<pre[^>]*>.+?</pre>)#i', $tokenized, $matches, PREG_SET_ORDER ); foreach ( $matches as $i => $match ) { $tag_html = str_replace( $replace, $search, $match[0] ); $tag_token = $token . $i; $found[ $tag_token ] = $tag_html; $html = str_replace( $tag_html, $tag_token, $html, $count ); } $replaced = str_replace( $replace, $search, $html ); $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); $pre = array_values( $found ); $tokens = array_keys( $found ); return str_replace( $tokens, $pre, $stripped ); } } HTTP/https-detection-20260606103613.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606002819-20260607123647.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172228-20260606092006.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605171850-20260609014653.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/block-editor-20260605074802.php 0000666 00000071142 15226703613 0012017 0 ustar 00 <?php /** * Block Editor API. * * @package WordPress * @subpackage Editor * @since 5.8.0 */ /** * Returns the list of default categories for block types. * * @since 5.8.0 * @since 6.3.0 Reusable Blocks renamed to Patterns. * * @return array[] Array of categories for block types. */ function get_default_block_categories() { return array( array( 'slug' => 'text', 'title' => _x( 'Text', 'block category' ), 'icon' => null, ), array( 'slug' => 'media', 'title' => _x( 'Media', 'block category' ), 'icon' => null, ), array( 'slug' => 'design', 'title' => _x( 'Design', 'block category' ), 'icon' => null, ), array( 'slug' => 'widgets', 'title' => _x( 'Widgets', 'block category' ), 'icon' => null, ), array( 'slug' => 'theme', 'title' => _x( 'Theme', 'block category' ), 'icon' => null, ), array( 'slug' => 'embed', 'title' => _x( 'Embeds', 'block category' ), 'icon' => null, ), array( 'slug' => 'reusable', 'title' => _x( 'Patterns', 'block category' ), 'icon' => null, ), ); } /** * Returns all the categories for block types that will be shown in the block editor. * * @since 5.0.0 * @since 5.8.0 It is possible to pass the block editor context as param. * * @param WP_Post|WP_Block_Editor_Context $post_or_block_editor_context The current post object or * the block editor context. * * @return array[] Array of categories for block types. */ function get_block_categories( $post_or_block_editor_context ) { $block_categories = get_default_block_categories(); $block_editor_context = $post_or_block_editor_context instanceof WP_Post ? new WP_Block_Editor_Context( array( 'post' => $post_or_block_editor_context, ) ) : $post_or_block_editor_context; /** * Filters the default array of categories for block types. * * @since 5.8.0 * * @param array[] $block_categories Array of categories for block types. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $block_categories = apply_filters( 'block_categories_all', $block_categories, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the default array of categories for block types. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_categories_all'} filter instead. * * @param array[] $block_categories Array of categories for block types. * @param WP_Post $post Post being loaded. */ $block_categories = apply_filters_deprecated( 'block_categories', array( $block_categories, $post ), '5.8.0', 'block_categories_all' ); } return $block_categories; } /** * Gets the list of allowed block types to use in the block editor. * * @since 5.8.0 * * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return bool|string[] Array of block type slugs, or boolean to enable/disable all. */ function get_allowed_block_types( $block_editor_context ) { $allowed_block_types = true; /** * Filters the allowed block types for all editor types. * * @since 5.8.0 * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported). * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $allowed_block_types = apply_filters( 'allowed_block_types_all', $allowed_block_types, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the allowed block types for the editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'allowed_block_types_all'} filter instead. * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported) * @param WP_Post $post The post resource data. */ $allowed_block_types = apply_filters_deprecated( 'allowed_block_types', array( $allowed_block_types, $post ), '5.8.0', 'allowed_block_types_all' ); } return $allowed_block_types; } /** * Returns the default block editor settings. * * @since 5.8.0 * * @return array The default block editor settings. */ function get_default_block_editor_settings() { // Media settings. // wp_max_upload_size() can be expensive, so only call it when relevant for the current user. $max_upload_size = 0; if ( current_user_can( 'upload_files' ) ) { $max_upload_size = wp_max_upload_size(); if ( ! $max_upload_size ) { $max_upload_size = 0; } } /** This filter is documented in wp-admin/includes/media.php */ $image_size_names = apply_filters( 'image_size_names_choose', array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ) ); $available_image_sizes = array(); foreach ( $image_size_names as $image_size_slug => $image_size_name ) { $available_image_sizes[] = array( 'slug' => $image_size_slug, 'name' => $image_size_name, ); } $default_size = get_option( 'image_default_size', 'large' ); $image_default_size = in_array( $default_size, array_keys( $image_size_names ), true ) ? $default_size : 'large'; $image_dimensions = array(); $all_sizes = wp_get_registered_image_subsizes(); foreach ( $available_image_sizes as $size ) { $key = $size['slug']; if ( isset( $all_sizes[ $key ] ) ) { $image_dimensions[ $key ] = $all_sizes[ $key ]; } } // These styles are used if the "no theme styles" options is triggered or on // themes without their own editor styles. $default_editor_styles_file = ABSPATH . WPINC . '/css/dist/block-editor/default-editor-styles.css'; static $default_editor_styles_file_contents = false; if ( ! $default_editor_styles_file_contents && file_exists( $default_editor_styles_file ) ) { $default_editor_styles_file_contents = file_get_contents( $default_editor_styles_file ); } $default_editor_styles = array(); if ( $default_editor_styles_file_contents ) { $default_editor_styles = array( array( 'css' => $default_editor_styles_file_contents ), ); } $editor_settings = array( 'alignWide' => get_theme_support( 'align-wide' ), 'allowedBlockTypes' => true, 'allowedMimeTypes' => get_allowed_mime_types(), 'defaultEditorStyles' => $default_editor_styles, 'blockCategories' => get_default_block_categories(), 'isRTL' => is_rtl(), 'imageDefaultSize' => $image_default_size, 'imageDimensions' => $image_dimensions, 'imageEditing' => true, 'imageSizes' => $available_image_sizes, 'maxUploadFileSize' => $max_upload_size, '__experimentalDashboardLink' => admin_url( '/' ), // The following flag is required to enable the new Gallery block format on the mobile apps in 5.9. '__unstableGalleryWithImageBlocks' => true, ); $theme_settings = get_classic_theme_supports_block_editor_settings(); foreach ( $theme_settings as $key => $value ) { $editor_settings[ $key ] = $value; } return $editor_settings; } /** * Returns the block editor settings needed to use the Legacy Widget block which * is not registered by default. * * @since 5.8.0 * * @return array Settings to be used with get_block_editor_settings(). */ function get_legacy_widget_block_editor_settings() { $editor_settings = array(); /** * Filters the list of widget-type IDs that should **not** be offered by the * Legacy Widget block. * * Returning an empty array will make all widgets available. * * @since 5.8.0 * * @param string[] $widgets An array of excluded widget-type IDs. */ $editor_settings['widgetTypesToHideFromLegacyWidgetBlock'] = apply_filters( 'widget_types_to_hide_from_legacy_widget_block', array( 'pages', 'calendar', 'archives', 'media_audio', 'media_image', 'media_gallery', 'media_video', 'search', 'text', 'categories', 'recent-posts', 'recent-comments', 'rss', 'tag_cloud', 'custom_html', 'block', ) ); return $editor_settings; } /** * Collect the block editor assets that need to be loaded into the editor's iframe. * * @since 6.0.0 * @access private * * @global WP_Styles $wp_styles The WP_Styles current instance. * @global WP_Scripts $wp_scripts The WP_Scripts current instance. * * @return array { * The block editor assets. * * @type string|false $styles String containing the HTML for styles. * @type string|false $scripts String containing the HTML for scripts. * } */ function _wp_get_iframed_editor_assets() { global $wp_styles, $wp_scripts; // Keep track of the styles and scripts instance to restore later. $current_wp_styles = $wp_styles; $current_wp_scripts = $wp_scripts; // Create new instances to collect the assets. $wp_styles = new WP_Styles(); $wp_scripts = new WP_Scripts(); /* * Register all currently registered styles and scripts. The actions that * follow enqueue assets, but don't necessarily register them. */ $wp_styles->registered = $current_wp_styles->registered; $wp_scripts->registered = $current_wp_scripts->registered; /* * We generally do not need reset styles for the iframed editor. * However, if it's a classic theme, margins will be added to every block, * which is reset specifically for list items, so classic themes rely on * these reset styles. */ $wp_styles->done = wp_theme_has_theme_json() ? array( 'wp-reset-editor-styles' ) : array(); wp_enqueue_script( 'wp-polyfill' ); // Enqueue the `editorStyle` handles for all core block, and dependencies. wp_enqueue_style( 'wp-edit-blocks' ); if ( current_theme_supports( 'wp-block-styles' ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /* * We don't want to load EDITOR scripts in the iframe, only enqueue * front-end assets for the content. */ add_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); do_action( 'enqueue_block_assets' ); remove_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Additionally, do enqueue `editorStyle` assets for all blocks, which * contains editor-only styling for blocks (editor content). */ foreach ( $block_registry->get_all_registered() as $block_type ) { if ( isset( $block_type->editor_style_handles ) && is_array( $block_type->editor_style_handles ) ) { foreach ( $block_type->editor_style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } } } /** * Remove the deprecated `print_emoji_styles` handler. * It avoids breaking style generation with a deprecation message. */ $has_emoji_styles = has_action( 'wp_print_styles', 'print_emoji_styles' ); if ( $has_emoji_styles ) { remove_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_styles(); wp_print_font_faces(); wp_print_font_faces_from_style_variations(); $styles = ob_get_clean(); if ( $has_emoji_styles ) { add_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_head_scripts(); wp_print_footer_scripts(); $scripts = ob_get_clean(); // Restore the original instances. $wp_styles = $current_wp_styles; $wp_scripts = $current_wp_scripts; return array( 'styles' => $styles, 'scripts' => $scripts, ); } /** * Finds the first occurrence of a specific block in an array of blocks. * * @since 6.3.0 * * @param array $blocks Array of blocks. * @param string $block_name Name of the block to find. * @return array Found block, or empty array if none found. */ function wp_get_first_block( $blocks, $block_name ) { foreach ( $blocks as $block ) { if ( $block_name === $block['blockName'] ) { return $block; } if ( ! empty( $block['innerBlocks'] ) ) { $found_block = wp_get_first_block( $block['innerBlocks'], $block_name ); if ( ! empty( $found_block ) ) { return $found_block; } } } return array(); } /** * Retrieves Post Content block attributes from the current post template. * * @since 6.3.0 * @since 6.4.0 Return null if there is no post content block. * @access private * * @global int $post_ID * * @return array|null Post Content block attributes array or null if Post Content block doesn't exist. */ function wp_get_post_content_block_attributes() { global $post_ID; $is_block_theme = wp_is_block_theme(); if ( ! $is_block_theme || ! $post_ID ) { return null; } $template_slug = get_page_template_slug( $post_ID ); if ( ! $template_slug ) { $post_slug = 'singular'; $page_slug = 'singular'; $template_types = get_block_templates(); foreach ( $template_types as $template_type ) { if ( 'page' === $template_type->slug ) { $page_slug = 'page'; } if ( 'single' === $template_type->slug ) { $post_slug = 'single'; } } $what_post_type = get_post_type( $post_ID ); switch ( $what_post_type ) { case 'page': $template_slug = $page_slug; break; default: $template_slug = $post_slug; break; } } $current_template = get_block_templates( array( 'slug__in' => array( $template_slug ) ) ); if ( ! empty( $current_template ) ) { $template_blocks = parse_blocks( $current_template[0]->content ); $post_content_block = wp_get_first_block( $template_blocks, 'core/post-content' ); if ( isset( $post_content_block['attrs'] ) ) { return $post_content_block['attrs']; } } return null; } /** * Returns the contextualized block editor settings for a selected editor context. * * @since 5.8.0 * * @param array $custom_settings Custom settings to use with the given editor type. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return array The contextualized block editor settings. */ function get_block_editor_settings( array $custom_settings, $block_editor_context ) { $editor_settings = array_merge( get_default_block_editor_settings(), array( 'allowedBlockTypes' => get_allowed_block_types( $block_editor_context ), 'blockCategories' => get_block_categories( $block_editor_context ), ), $custom_settings ); $editor_settings['__experimentalBlockBindingsSupportedAttributes'] = array(); foreach ( array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() ) as $block_type ) { $supported_block_attributes = get_block_bindings_supported_attributes( $block_type ); if ( ! empty( $supported_block_attributes ) ) { $editor_settings['__experimentalBlockBindingsSupportedAttributes'][ $block_type ] = $supported_block_attributes; } } $global_styles = array(); $presets = array( array( 'css' => 'variables', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), array( 'css' => 'presets', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), ); foreach ( $presets as $preset_style ) { $actual_css = wp_get_global_stylesheet( array( $preset_style['css'] ) ); if ( '' !== $actual_css ) { $preset_style['css'] = $actual_css; $global_styles[] = $preset_style; } } if ( wp_theme_has_theme_json() ) { $block_classes = array( 'css' => 'styles', '__unstableType' => 'theme', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } /* * Add the custom CSS as a separate stylesheet so any invalid CSS * entered by users does not break other global styles. */ $global_styles[] = array( 'css' => wp_get_global_stylesheet( array( 'custom-css' ) ), '__unstableType' => 'user', 'isGlobalStyles' => true, ); } else { // If there is no `theme.json` file, ensure base layout styles are still available. $block_classes = array( 'css' => 'base-layout-styles', '__unstableType' => 'base-layout', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } } $editor_settings['styles'] = array_merge( $global_styles, get_block_editor_theme_styles() ); $editor_settings['__experimentalFeatures'] = wp_get_global_settings(); // These settings may need to be updated based on data coming from theme.json sources. if ( isset( $editor_settings['__experimentalFeatures']['color']['palette'] ) ) { $colors_by_origin = $editor_settings['__experimentalFeatures']['color']['palette']; $editor_settings['colors'] = isset( $colors_by_origin['custom'] ) ? $colors_by_origin['custom'] : ( isset( $colors_by_origin['theme'] ) ? $colors_by_origin['theme'] : $colors_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['gradients'] ) ) { $gradients_by_origin = $editor_settings['__experimentalFeatures']['color']['gradients']; $editor_settings['gradients'] = isset( $gradients_by_origin['custom'] ) ? $gradients_by_origin['custom'] : ( isset( $gradients_by_origin['theme'] ) ? $gradients_by_origin['theme'] : $gradients_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['fontSizes'] ) ) { $font_sizes_by_origin = $editor_settings['__experimentalFeatures']['typography']['fontSizes']; $editor_settings['fontSizes'] = isset( $font_sizes_by_origin['custom'] ) ? $font_sizes_by_origin['custom'] : ( isset( $font_sizes_by_origin['theme'] ) ? $font_sizes_by_origin['theme'] : $font_sizes_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['custom'] ) ) { $editor_settings['disableCustomColors'] = ! $editor_settings['__experimentalFeatures']['color']['custom']; unset( $editor_settings['__experimentalFeatures']['color']['custom'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ) ) { $editor_settings['disableCustomGradients'] = ! $editor_settings['__experimentalFeatures']['color']['customGradient']; unset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ) ) { $editor_settings['disableCustomFontSizes'] = ! $editor_settings['__experimentalFeatures']['typography']['customFontSize']; unset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ) ) { $editor_settings['enableCustomLineHeight'] = $editor_settings['__experimentalFeatures']['typography']['lineHeight']; unset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['units'] ) ) { $editor_settings['enableCustomUnits'] = $editor_settings['__experimentalFeatures']['spacing']['units']; unset( $editor_settings['__experimentalFeatures']['spacing']['units'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ) ) { $editor_settings['enableCustomSpacing'] = $editor_settings['__experimentalFeatures']['spacing']['padding']; unset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ) ) { $editor_settings['disableCustomSpacingSizes'] = ! $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize']; unset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['spacingSizes'] ) ) { $spacing_sizes_by_origin = $editor_settings['__experimentalFeatures']['spacing']['spacingSizes']; $editor_settings['spacingSizes'] = isset( $spacing_sizes_by_origin['custom'] ) ? $spacing_sizes_by_origin['custom'] : ( isset( $spacing_sizes_by_origin['theme'] ) ? $spacing_sizes_by_origin['theme'] : $spacing_sizes_by_origin['default'] ); } $editor_settings['__unstableResolvedAssets'] = _wp_get_iframed_editor_assets(); $editor_settings['__unstableIsBlockBasedTheme'] = wp_is_block_theme(); $editor_settings['localAutosaveInterval'] = 15; $editor_settings['disableLayoutStyles'] = current_theme_supports( 'disable-layout-styles' ); $editor_settings['__experimentalDiscussionSettings'] = array( 'commentOrder' => get_option( 'comment_order' ), 'commentsPerPage' => get_option( 'comments_per_page' ), 'defaultCommentsPage' => get_option( 'default_comments_page' ), 'pageComments' => get_option( 'page_comments' ), 'threadComments' => get_option( 'thread_comments' ), 'threadCommentsDepth' => get_option( 'thread_comments_depth' ), 'defaultCommentStatus' => get_option( 'default_comment_status' ), 'avatarURL' => get_avatar_url( '', array( 'size' => 96, 'force_default' => true, 'default' => get_option( 'avatar_default' ), ) ), ); $post_content_block_attributes = wp_get_post_content_block_attributes(); if ( isset( $post_content_block_attributes ) ) { $editor_settings['postContentAttributes'] = $post_content_block_attributes; } $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context ); /** * Filters the settings to pass to the block editor for all editor type. * * @since 5.8.0 * * @param array $editor_settings Default editor settings. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $editor_settings = apply_filters( 'block_editor_settings_all', $editor_settings, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the settings to pass to the block editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_settings_all'} filter instead. * * @param array $editor_settings Default editor settings. * @param WP_Post $post Post being edited. */ $editor_settings = apply_filters_deprecated( 'block_editor_settings', array( $editor_settings, $post ), '5.8.0', 'block_editor_settings_all' ); } return $editor_settings; } /** * Preloads common data used with the block editor by specifying an array of * REST API paths that will be preloaded for a given block editor context. * * @since 5.8.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param (string|string[])[] $preload_paths List of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ function block_editor_rest_api_preload( array $preload_paths, $block_editor_context ) { global $post, $wp_scripts, $wp_styles; /** * Filters the array of REST API paths that will be used to preloaded common data for the block editor. * * @since 5.8.0 * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $preload_paths = apply_filters( 'block_editor_rest_api_preload_paths', $preload_paths, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $selected_post = $block_editor_context->post; /** * Filters the array of paths that will be preloaded. * * Preload common data by specifying an array of REST API paths that will be preloaded. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_rest_api_preload_paths'} filter instead. * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Post $selected_post Post being edited. */ $preload_paths = apply_filters_deprecated( 'block_editor_preload_paths', array( $preload_paths, $selected_post ), '5.8.0', 'block_editor_rest_api_preload_paths' ); } if ( empty( $preload_paths ) ) { return; } /* * Ensure the global $post, $wp_scripts, and $wp_styles remain the same after * API data is preloaded. * Because API preloading can call the_content and other filters, plugins * can unexpectedly modify the global $post or enqueue assets which are not * intended for the block editor. */ $backup_global_post = ! empty( $post ) ? clone $post : $post; $backup_wp_scripts = ! empty( $wp_scripts ) ? clone $wp_scripts : $wp_scripts; $backup_wp_styles = ! empty( $wp_styles ) ? clone $wp_styles : $wp_styles; foreach ( $preload_paths as &$path ) { if ( is_string( $path ) && ! str_starts_with( $path, '/' ) ) { $path = '/' . $path; continue; } if ( is_array( $path ) && is_string( $path[0] ) && ! str_starts_with( $path[0], '/' ) ) { $path[0] = '/' . $path[0]; } } unset( $path ); $preload_data = array_reduce( $preload_paths, 'rest_preload_api_request', array() ); // Restore the global $post, $wp_scripts, and $wp_styles as they were before API preloading. $post = $backup_global_post; $wp_scripts = $backup_wp_scripts; $wp_styles = $backup_wp_styles; wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Creates an array of theme styles to load into the block editor. * * @since 5.8.0 * * @global array $editor_styles * * @return array An array of theme styles for the block editor. */ function get_block_editor_theme_styles() { global $editor_styles; $styles = array(); if ( $editor_styles && current_theme_supports( 'editor-styles' ) ) { foreach ( $editor_styles as $style ) { if ( preg_match( '~^(https?:)?//~', $style ) ) { $response = wp_remote_get( $style ); if ( ! is_wp_error( $response ) ) { $styles[] = array( 'css' => wp_remote_retrieve_body( $response ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } else { $file = get_theme_file_path( $style ); if ( is_file( $file ) ) { $styles[] = array( 'css' => file_get_contents( $file ), 'baseURL' => get_theme_file_uri( $style ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } } } return $styles; } /** * Returns the classic theme supports settings for block editor. * * @since 6.2.0 * @since 6.6.0 Add support for 'editor-spacing-sizes' theme support. * * @return array The classic theme supports settings. */ function get_classic_theme_supports_block_editor_settings() { $theme_settings = array( 'disableCustomColors' => get_theme_support( 'disable-custom-colors' ), 'disableCustomFontSizes' => get_theme_support( 'disable-custom-font-sizes' ), 'disableCustomGradients' => get_theme_support( 'disable-custom-gradients' ), 'disableLayoutStyles' => get_theme_support( 'disable-layout-styles' ), 'enableCustomLineHeight' => get_theme_support( 'custom-line-height' ), 'enableCustomSpacing' => get_theme_support( 'custom-spacing' ), 'enableCustomUnits' => get_theme_support( 'custom-units' ), ); // Theme settings. $color_palette = current( (array) get_theme_support( 'editor-color-palette' ) ); if ( false !== $color_palette ) { $theme_settings['colors'] = $color_palette; } $font_sizes = current( (array) get_theme_support( 'editor-font-sizes' ) ); if ( false !== $font_sizes ) { $theme_settings['fontSizes'] = $font_sizes; } $gradient_presets = current( (array) get_theme_support( 'editor-gradient-presets' ) ); if ( false !== $gradient_presets ) { $theme_settings['gradients'] = $gradient_presets; } $spacing_sizes = current( (array) get_theme_support( 'editor-spacing-sizes' ) ); if ( false !== $spacing_sizes ) { $theme_settings['spacingSizes'] = $spacing_sizes; } return $theme_settings; } /** * Initialize site preview. * * This function sets IFRAME_REQUEST to true if the site preview parameter is set. * * @since 6.8.0 */ function wp_initialize_site_preview_hooks() { if ( ! defined( 'IFRAME_REQUEST' ) && isset( $_GET['wp_site_preview'] ) && 1 === (int) $_GET['wp_site_preview'] && current_user_can( 'edit_theme_options' ) ) { define( 'IFRAME_REQUEST', true ); } } HTTP/https-migration-20260606074205-20260607034415.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/ClientException-20260605053026.php 0000666 00000000515 15226703613 0012525 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-migration-20260605183304.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606032217-20260606143530.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183217-20260606221155.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606072117-20260606185544.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170228.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605100915-20260608035143.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-processor-20260605084253.php 0000666 00000210507 15226703613 0014300 0 ustar 00 <?php /** * Efficiently scan through block structure in document without parsing * the entire block tree and all of its JSON attributes into memory. * * @package WordPress * @subpackage Blocks * @since 6.9.0 */ /** * Class for efficiently scanning through block structure in a document * without parsing the entire block tree and JSON attributes into memory. * * ## Overview * * This class is designed to help analyze and modify block structure in a * streaming fashion and to bridge the gap between parsed block trees and * the text representing them. * * Use-cases for this class include but are not limited to: * * - Counting block types in a document. * - Queuing stylesheets based on the presence of various block types. * - Modifying blocks of a given type, i.e. migrations, updates, and styling. * - Searching for content of specific kinds, e.g. checking for blocks * with certain theme support attributes, or block bindings. * - Adding CSS class names to the element wrapping a block’s inner blocks. * * > *Note!* If a fully-parsed block tree of a document is necessary, including * > all the parsed JSON attributes, nested blocks, and HTML, consider * > using {@see \parse_blocks()} instead which will parse the document * > in one swift pass. * * For typical usage, jump first to the methods {@see self::next_block()}, * {@see self::next_delimiter()}, or {@see self::next_token()}. * * ### Values * * As a lower-level interface than {@see parse_blocks()} this class follows * different performance-focused values: * * - Minimize allocations so that documents of any size may be processed * on a fixed or marginal amount of memory. * - Make hidden costs explicit so that calling code only has to pay the * performance penalty for features it needs. * - Operate with a streaming and re-entrant design to make it possible * to operate on chunks of a document and to resume after pausing. * * This means that some operations might appear more cumbersome than one * might expect. This design tradeoff opens up opportunity to wrap this in * a convenience class to add higher-level functionality. * * ## Concepts * * All text documents can be considered a block document containing a combination * of “freeform HTML” and explicit block structure. Block structure forms through * special HTML comments called _delimiters_ which include a block type and, * optionally, block attributes encoded as a JSON object payload. * * This processor is designed to scan through a block document from delimiter to * delimiter, tracking how the delimiters impact the structure of the document. * Spans of HTML appear between delimiters. If these spans exist at the top level * of the document, meaning there is no containing block around them, they are * considered freeform HTML content. If, however, they appear _inside_ block * structure they are interpreted as `innerHTML` for the containing block. * * ### Tokens and scanning * * As the processor scans through a document is reports information about the token * on which is pauses. Tokens represent spans of text in the input comprising block * delimiters and spans of HTML. * * - {@see self::next_token()} visits every contiguous subspan of text in the * input document. This includes all explicit block comment delimiters and spans * of HTML content (whether freeform or inner HTML). * - {@see self::next_delimiter()} visits every explicit block comment delimiter * unless passed a block type which covers freeform HTML content. In these cases * it will stop at top-level spans of HTML and report a `null` block type. * - {@see self::next_block()} visits every block delimiter which _opens_ a block. * This includes opening block delimiters as well as void block delimiters. With * the same exception as above for freeform HTML block types, this will visit * top-level spans of HTML content. * * When matched on a particular token, the following methods provide structural * and textual information about it: * * - {@see self::get_delimiter_type()} reports whether the delimiter is an opener, * a closer, or if it represents a whole void block. * - {@see self::get_block_type()} reports the fully-qualified block type which * the delimiter represents. * - {@see self::get_printable_block_type()} reports the fully-qualified block type, * but returns `core/freeform` instead of `null` for top-level freeform HTML content. * - {@see self::is_block_type()} indicates if the delimiter represents a block of * the given block type, or wildcard or pseudo-block type described below. * - {@see self::opens_block()} indicates if the delimiter opens a block of one * of the provided block types. Opening, void, and top-level freeform HTML content * all open blocks. * - {@see static::get_attributes()} is currently reserved for a future streaming * JSON parser class. * - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes * for delimiters which open blocks and return the fully-parsed attributes as an * associative array. {@see static::get_last_json_error()} for when this fails. * - {@see self::is_html()} indicates if the token is a span of HTML which might * be top-level freeform content or a block’s inner HTML. * - {@see self::get_html_content()} returns the span of HTML. * - {@see self::get_span()} for the byte offset and length into the input document * representing the token. * * It’s possible for the processor to fail to scan forward if the input document ends * in a proper prefix of an explicit block comment delimiter. For example, if the input * ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser * cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()} * to distinguish between a failure to find the next token and an incomplete input. * * ### Block types * * A block’s “type” comprises an optional _namespace_ and _name_. If the namespace * isn’t provided it will be interpreted as the implicit `core` namespace. For example, * the type `gallery` is the name of the block in the `core` namespace, but the type * `abc/gallery` is the _fully-qualified_ block type for the block whose name is still * `gallery`, but in the `abc` namespace. * * Methods on this class are aware of this block naming semantic and anywhere a block * type is an argument to a method it will be normalized to account for implicit namespaces. * Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere * this class returns a block type, it will return the fully-qualified and normalized form. * For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the * block type. * * There are two special block types that change the behavior of the processor: * * - The wildcard `*` represents _any block_. In addition to matching all block types, * it also represents top-level freeform HTML whose block type is reported as `null`. * * - The `core/freeform` block type is a pseudo-block type which explicitly matches * top-level freeform HTML. * * These special block types can be passed into any method which searches for blocks. * * There is one additional special block type which may be returned from * {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which * indicates that the HTML span on which the processor is paused is inner HTML for * a containing block. * * ### Spans of HTML * * Non-block content plays a complicated role in processing block documents. This * processor exposes tools to help work with these spans of HTML. * * - {@see self::is_html()} indicates if the processor is paused at a span of * HTML but does not differentiate between top-level freeform content and inner HTML. * - {@see self::is_non_whitespace_html()} indicates not only if the processor * is paused at a span of HTML, but also whether that span incorporates more than * whitespace characters. Because block serialization often inserts newlines between * block comment delimiters, this is useful for distinguishing “real” freeform * content from purely aesthetic syntax. * - {@see self::is_block_type()} matches top-level freeform HTML content when * provided one of the special block types described above. * * ### Block structure * * As the processor traverses block delimiters it maintains a stack of which blocks are * open at the given place in the document where it’s paused. This stack represents the * block structure of a document and is used to determine where blocks end, which blocks * represent inner blocks, whether a span of HTML is top-level freeform content, and * more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an * array of block types starting at the outermost-open block and descending to the * currently-visited block. * * Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special * reported block type `#html`. Such a span represents inner HTML for a block if the * depth reported by {@see self::get_depth()} is greater than one. * * It will generally not be necessary to inspect the stack of open blocks, though * depth may be important for finding where blocks end. When visiting a block opener, * the depth will have been increased before pausing; in contrast the depth is * decremented before visiting a closer. This makes the following an easy way to * determine if a block is still open. * * Example: * * $depth = $processor->get_depth(); * while ( $processor->next_token() && $processor->get_depth() > $depth ) { * continue * } * // Processor is now paused at the token immediately following the closed block. * * #### Extracting blocks * * A unique feature of this processor is the ability to return the same output as * {@see \parse_blocks()} would produce, but for a subset of the input document. * For example, it’s possible to extract an image block, manipulate that parsed * block, and re-serialize it into the original document. It’s possible to do so * while skipping over the parse of the rest of the document. * * {@see self::extract_full_block_and_advance()} will scan forward from the current block opener * and build the parsed block structure until the current block is closed. It will * include all inner HTML and inner blocks, and parse all of the inner blocks. It * can be used to extract a block at any depth in the document, helpful for operating * on blocks within nested structure. * * Example: * * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery_block = $processor->extract_full_block_and_advance(); * $after_gallery = $processor->get_span()->start; * return ( * substr( $post_content, 0, $gallery_at ) . * serialize_block( modify_gallery( $gallery_block ) . * substr( $post_content, $after_gallery ) * ); * * #### Handling of malformed structure * * There are situations where closing block delimiters appear for which no open block * exists, or where a document ends before a block is closed, or where a closing block * delimiter appears but references a different block type than the most-recently * opened block does. In all of these cases, the stack of open blocks should mirror * the behavior in {@see \parse_blocks()}. * * Unlike {@see \parse_blocks()}, however, this processor can still operate on the * invalid block delimiters. It provides a few functions which can be used for building * custom and non-spec-compliant error handling. * * - {@see self::has_closing_flag()} indicates if the block delimiter contains the * closing flag at the end. Some invalid block delimiters might contain both the * void and closing flag, in which case {@see self::get_delimiter_type()} will * report that it’s a void block. * - {@see static::get_last_error()} indicates if the processor reached an invalid * block closing. Depending on the context, {@see \parse_blocks()} might instead * ignore the token or treat it as freeform HTML content. * * ## Static helpers * * This class provides helpers for performing semantic block-related operations. * * - {@see self::normalize_block_type()} takes a block type with or without the * implicit `core` namespace and returns a fully-qualified block type. * - {@see self::are_equal_block_types()} indicates if two spans across one or * more input texts represent the same fully-qualified block type. * * ## Subclassing * * This processor is designed to accurately parse a block document. Therefore, many * of its methods are not meant for subclassing. However, overall this class supports * building higher-level convenience classes which may choose to subclass it. For those * classes, avoid re-implementing methods except for the list below. Instead, create * new names representing the higher-level concepts being introduced. For example, instead * of creating a new method named `next_block()` which only advances to blocks of a given * kind, consider creating a new method named something like `next_layout_block()` which * won’t interfere with the base class method. * * - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass * which aren’t intrinsic to block parsing. * - {@see static::get_attributes()} may be reimplemented to provide a streaming interface * to reading and modifying a block’s JSON attributes. It should be fast and memory efficient. * - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced * with a reimplementation of {@see static::get_attributes()}. * * @since 6.9.0 */ class WP_Block_Processor { /** * Indicates if the last operation failed, otherwise * will be `null` for success. * * @since 6.9.0 * * @var string|null */ private $last_error = null; /** * Indicates failures from decoding JSON attributes. * * @since 6.9.0 * * @see \json_last_error() * * @var int */ private $last_json_error = JSON_ERROR_NONE; /** * Source text provided to processor. * * @since 6.9.0 * * @var string */ protected $source_text; /** * Byte offset into source text where a matched delimiter starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰─ Starts at byte offset 17. * * @since 6.9.0 * * @var int */ private $matched_delimiter_at = 0; /** * Byte length of full span of a matched delimiter. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $matched_delimiter_length = 0; /** * First byte offset into source text following any previously-matched delimiter. * Used to indicate where an HTML span starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 55 * <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨ * │ ╰─ This delimiter was matched, and after matching, * │ revealed the preceding HTML span. * │ * ╰─ The first byte offset after the previous matched delimiter * is 21. Because the matched delimiter starts at 55, which is after * this, a span of HTML must exist between these boundaries. * * @since 6.9.0 * * @var int */ private $after_previous_delimiter = 0; /** * Byte offset where namespace span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block name. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $namespace_at = 0; /** * Byte offset where block name span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block namespace. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $name_at = 0; /** * Byte length of block name span. * * Example: * * 5 10 15 20 25 * <!-- wp:core/gallery --> * ╰─────╯ * 7 bytes long. * * @since 6.9.0 * * @var int */ private $name_length = 0; /** * Whether the delimiter contains the block-closing flag. * * This may be erroneous if present within a void block, * therefore the {@see self::has_closing_flag()} can be used by * calling code to perform custom error-handling. * * @since 6.9.0 * * @var bool */ private $has_closing_flag = false; /** * Byte offset where JSON attributes span begins. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰─ Starts at byte offset 18. * * @since 6.9.0 * * @var int */ private $json_at; /** * Byte length of JSON attributes span, or 0 if none are present. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $json_length = 0; /** * Internal parser state, differentiating whether the instance is currently matched, * on an implicit freeform node, in error, or ready to begin parsing. * * @see self::READY * @see self::MATCHED * @see self::HTML_SPAN * @see self::INCOMPLETE_INPUT * @see self::COMPLETE * * @since 6.9.0 * * @var string */ protected $state = self::READY; /** * Indicates what kind of block comment delimiter was matched. * * One of: * * - {@see self::OPENER} If the delimiter is opening a block. * - {@see self::CLOSER} If the delimiter is closing an open block. * - {@see self::VOID} If the delimiter represents a void block with no inner content. * * If a parsed comment delimiter contains both the closing and the void * flags then it will be interpreted as a void block to match the behavior * of the official block parser, however, this is a syntax error and probably * the block ought to close an open block of the same name, if one is open. * * @since 6.9.0 * * @var string */ private $type; /** * Whether the last-matched delimiter acts like a void block and should be * popped from the stack of open blocks as soon as the parser advances. * * This applies to void block delimiters and to HTML spans. * * @since 6.9.0 * * @var bool */ private $was_void = false; /** * For every open block, in hierarchical order, this stores the byte offset * into the source text where the block type starts, including for HTML spans. * * To avoid allocating and normalizing block names when they aren’t requested, * the stack of open blocks is stored as the byte offsets and byte lengths of * each open block’s block type. This allows for minimal tracking and quick * reading or comparison of block types when requested. * * @since 6.9.0 * * @see self::$open_blocks_length * * @var int[] */ private $open_blocks_at = array(); /** * For every open block, in hierarchical order, this stores the byte length * of the block’s block type in the source text. For HTML spans this is 0. * * @since 6.9.0 * * @see self::$open_blocks_at * * @var int[] */ private $open_blocks_length = array(); /** * Indicates which operation should apply to the stack of open blocks after * processing any pending spans of HTML. * * Since HTML spans are discovered after matching block delimiters, those * delimiters need to defer modifying the stack of open blocks. This value, * if set, indicates what operation should be applied. The properties * associated with token boundaries still point to the delimiters even * when processing HTML spans, so there’s no need to track them independently. * * @var 'push'|'void'|'pop'|null */ private $next_stack_op = null; /** * Creates a new block processor. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( $processor->next_block( 'core/image' ) ) { * echo "Found an image!\n"; * } * * @see self::next_block() to advance to the start of the next block (skips closers). * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @since 6.9.0 * * @param string $source_text Input document potentially containing block content. */ public function __construct( string $source_text ) { $this->source_text = $source_text; } /** * Advance to the next block delimiter which opens a block, indicating if one was found. * * Delimiters which open blocks include opening and void block delimiters. To visit * freeform HTML content, pass the wildcard “*” as the block type. * * Use this function to walk through the blocks in a document, pausing where they open. * * Example blocks: * * // The first delimiter opens the paragraph block. * <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph--> * * // The void block is the first opener in this sequence of closers. * <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group --> * * // If, however, `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p> * * Example: * * // Find all textual ranges of image block opening delimiters. * $images = array(); * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( 'core/image' ) ) { * $images[] = $processor->get_span(); * } * * In some cases it may be useful to conditionally visit the implicit freeform * blocks, such as when determining if a post contains freeform content that * isn’t purely whitespace. * * Example: * * $seen_block_types = []; * $block_type = '*'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( $block_type ) { * // Stop wasting time visiting freeform blocks after one has been found. * if ( * '*' === $block_type && * null === $processor->get_block_type() && * $processor->is_non_whitespace_html() * ) { * $block_type = null; * $seen_block_types['core/freeform'] = true; * continue; * } * * $seen_block_types[ $processor->get_block_type() ] = true; * } * * @since 6.9.0 * * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @param string|null $block_type Optional. If provided, advance until a block of this type is found. * Default is to stop at any block regardless of its type. * @return bool Whether an opening delimiter for a block was found. */ public function next_block( ?string $block_type = null ): bool { while ( $this->next_delimiter( $block_type ) ) { if ( self::CLOSER !== $this->get_delimiter_type() ) { return true; } } return false; } /** * Advance to the next block delimiter in a document, indicating if one was found. * * Delimiters may include invalid JSON. This parser does not attempt to parse the * JSON attributes until requested; when invalid, the attributes will be null. This * matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content, * pass the wildcard “*” as the block type. * * Use this function to walk through the block delimiters in a document. * * Example delimiters: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * * // If the wildcard `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p> * * Example: * * $html = '<!-- wp:void /-->\n<!-- wp:void /-->'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() { * // Runs twice, seeing both void blocks of type “core/void.” * } * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter( '*' ) ) { * // Runs thrice, seeing the void block, the newline span, and the void block. * } * * @since 6.9.0 * * @param string|null $block_name Optional. Keep searching until a block of this name is found. * Defaults to visit every block regardless of type. * @return bool Whether a block delimiter was matched. */ public function next_delimiter( ?string $block_name = null ): bool { if ( ! isset( $block_name ) ) { while ( $this->next_token() ) { if ( ! $this->is_html() ) { return true; } } return false; } while ( $this->next_token() ) { if ( $this->is_block_type( $block_name ) ) { return true; } } return false; } /** * Advance to the next block delimiter or HTML span in a document, indicating if one was found. * * This function steps through every syntactic chunk in a document. This includes explicit * block comment delimiters, freeform non-block content, and inner HTML segments. * * Example tokens: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * <p>Normal HTML content</p> * Plaintext content too! * * Example: * * // Find span containing wrapping HTML element surrounding inner blocks. * $processor = new WP_Block_Processor( $html ); * if ( ! $processor->next_block( 'gallery' ) ) { * return null; * } * * $containing_span = null; * while ( $processor->next_token() && $processor->is_html() ) { * $containing_span = $processor->get_span(); * } * * This method will visit all HTML spans including those forming freeform non-block * content as well as those which are part of a block’s inner HTML. * * @since 6.9.0 * * @return bool Whether a token was matched or the end of the document was reached without finding any. */ public function next_token(): bool { if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return false; } // Void tokens automatically pop off the stack of open blocks. if ( $this->was_void ) { array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); $this->was_void = false; } $text = $this->source_text; $end = strlen( $text ); /* * Because HTML spans are inferred after finding the next delimiter, it means that * the parser must transition out of that HTML state and reuse the token boundaries * it found after the HTML span. If those boundaries are before the end of the * document it implies that a real delimiter was found; otherwise this must be the * terminating HTML span and the parsing is complete. */ if ( self::HTML_SPAN === $this->state ) { if ( $this->matched_delimiter_at >= $end ) { $this->state = self::COMPLETE; return false; } switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'push': $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; $this->state = self::MATCHED; return true; } $this->state = self::READY; $after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length; $at = $after_prev_delimiter; while ( $at < $end ) { /* * Find the next possible start of a delimiter. * * This follows the behavior in the official block parser, which segments a post * by the block comment delimiters. It is possible for an HTML attribute to contain * what looks like a block comment delimiter but which is actually an HTML attribute * value. In such a case, the parser here will break apart the HTML and create the * block boundary inside the HTML attribute. In other words, the block parser * isolates sections of HTML from each other, even if that leads to malformed markup. * * For a more robust parse, scan through the document with the HTML API and parse * comments once they are matched to see if they are also block delimiters. In * practice, this nuance has not caused any known problems since developing blocks. * * <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /--> */ $comment_opening_at = strpos( $text, '<!--', $at ); /* * Even if the start of a potential block delimiter is not found, the document * might end in a prefix of such, and in that case there is incomplete input. */ if ( false === $comment_opening_at ) { if ( str_ends_with( $text, '<!-' ) ) { $backup = 3; } elseif ( str_ends_with( $text, '<!' ) ) { $backup = 2; } elseif ( str_ends_with( $text, '<' ) ) { $backup = 1; } else { $backup = 0; } // Whether or not there is a potential delimiter, there might be an HTML span. if ( $after_prev_delimiter < ( $end - $backup ) ) { $this->state = self::HTML_SPAN; $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $end - $backup; $this->matched_delimiter_length = $backup; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } /* * In the case that there is the start of an HTML comment, it means that there * might be a block delimiter, but it’s not possible know, therefore it’s incomplete. */ if ( $backup > 0 ) { goto incomplete; } // Otherwise this is the end. $this->state = self::COMPLETE; return false; } // <!-- ⃨/wp:core/paragraph {"dropCap":true} /--> $opening_whitespace_at = $comment_opening_at + 4; if ( $opening_whitespace_at >= $end ) { goto incomplete; } $opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at ); /* * The `wp` prefix cannot come before this point, but it may come after it * depending on the presence of the closer. This is detected next. */ $wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length; if ( $wp_prefix_at >= $end ) { goto incomplete; } if ( 0 === $opening_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /⃨wp:core/paragraph {"dropCap":true} /--> $has_closer = false; if ( '/' === $text[ $wp_prefix_at ] ) { $has_closer = true; ++$wp_prefix_at; } // <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /--> if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) { if ( ( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) || ( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) ) ) { goto incomplete; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * If the block contains no namespace, this will end up masquerading with * the block name. It’s easier to first detect the span and then determine * if it’s a namespace of a name. * * <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /--> */ $namespace_at = $wp_prefix_at + 3; if ( $namespace_at >= $end ) { goto incomplete; } $start_of_namespace = $text[ $namespace_at ]; // The namespace must start with a-z. if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 ); $separator_at = $namespace_at + $namespace_length; if ( $separator_at >= $end ) { goto incomplete; } // <!-- /wp:core/⃨paragraph {"dropCap":true} /--> $has_separator = '/' === $text[ $separator_at ]; if ( $has_separator ) { $name_at = $separator_at + 1; if ( $name_at >= $end ) { goto incomplete; } // <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /--> $start_of_name = $text[ $name_at ]; if ( 'a' > $start_of_name || 'z' < $start_of_name ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 ); } else { $name_at = $namespace_at; $name_length = $namespace_length; } if ( $name_at + $name_length >= $end ) { goto incomplete; } /* * For this next section of the delimiter, it could be the JSON attributes * or it could be the end of the comment. Assume that the JSON is there and * update if it’s not. */ // <!-- /wp:core/paragraph ⃨{"dropCap":true} /--> $after_name_whitespace_at = $name_at + $name_length; $after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at ); $json_at = $after_name_whitespace_at + $after_name_whitespace_length; if ( $json_at >= $end ) { goto incomplete; } if ( 0 === $after_name_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /wp:core/paragraph {⃨"dropCap":true} /--> $has_json = '{' === $text[ $json_at ]; $json_length = 0; /* * For the final span of the delimiter it's most efficient to find the end of the * HTML comment and work backwards. This prevents complicated parsing inside the * JSON span, which is not allowed to contain the HTML comment terminator. * * This also matches the behavior in the official block parser, * even though it allows for matching invalid JSON content. * * <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨ */ $comment_closing_at = strpos( $text, '-->', $json_at ); if ( false === $comment_closing_at ) { goto incomplete; } // <!-- /wp:core/paragraph {"dropCap":true} /⃨--> if ( '/' === $text[ $comment_closing_at - 1 ] ) { $has_void_flag = true; $void_flag_length = 1; } else { $has_void_flag = false; $void_flag_length = 0; } /* * If there's no JSON, then the span of text after the name * until the comment closing must be completely whitespace. * Otherwise it’s a normal HTML comment. */ if ( ! $has_json ) { if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) { // This must be a block delimiter! $this->state = self::MATCHED; break; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * There's JSON, so attempt to find its boundary. * * @todo It’s likely faster to scan forward instead of in reverse. * * <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/--> */ $after_json_whitespace_length = 0; for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) { $char = $text[ $char_at ]; switch ( $char ) { case ' ': case "\t": case "\f": case "\r": case "\n": ++$after_json_whitespace_length; continue 2; case '}': $json_length = $char_at - $json_at + 1; break 2; default: ++$at; continue 3; } } /* * This covers cases where there is no terminating “}” or where * mandatory whitespace is missing. */ if ( 0 === $json_length || 0 === $after_json_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // This must be a block delimiter! $this->state = self::MATCHED; break; } // The end of the document was reached without a match. if ( self::MATCHED !== $this->state ) { $this->state = self::COMPLETE; return false; } /* * From this point forward, a delimiter has been matched. There * might also be an HTML span that appears before the delimiter. */ $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $comment_opening_at; $this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at; $this->namespace_at = $namespace_at; $this->name_at = $name_at; $this->name_length = $name_length; $this->json_at = $json_at; $this->json_length = $json_length; /* * When delimiters contain both the void flag and the closing flag * they shall be interpreted as void blocks, per the spec parser. */ if ( $has_void_flag ) { $this->type = self::VOID; $this->next_stack_op = 'void'; } elseif ( $has_closer ) { $this->type = self::CLOSER; $this->next_stack_op = 'pop'; /* * @todo Check if the name matches and bail according to the spec parser. * The default parser doesn’t examine the names. */ } else { $this->type = self::OPENER; $this->next_stack_op = 'push'; } $this->has_closing_flag = $has_closer; // HTML spans are visited before the delimiter that follows them. if ( $comment_opening_at > $after_prev_delimiter ) { $this->state = self::HTML_SPAN; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } // If there were no HTML spans then flush the enqueued stack operations immediately. switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'push': $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; return true; incomplete: $this->state = self::COMPLETE; $this->last_error = self::INCOMPLETE_INPUT; return false; } /** * Returns an array containing the names of the currently-open blocks, in order * from outermost to innermost, with HTML spans indicated as “#html”. * * Example: * * // Freeform HTML content is an HTML span. * $processor = new WP_Block_Processor( 'Just text' ); * $processor->next_token(); * array( '#text' ) === $processor->get_breadcrumbs(); * * $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' ); * $processor->next_token(); * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Void blocks are only open while visiting them. * array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Blocks are closed before visiting their closing delimiter. * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array() === $processor->get_breadcrumbs(); * * // Inner HTML is also an HTML span. * $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' ); * $processor->next_token(); * $processor->next_token(); * array( 'core/a', '#html' ) === $processor->get_breadcrumbs(); * * @since 6.9.0 * * @return string[] */ public function get_breadcrumbs(): array { $breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null ); /* * Since HTML spans can only be at the very end, set the normalized block name for * each open element and then work backwards after creating the array. This allows * for the elimination of a conditional on each iteration of the loop. */ foreach ( $this->open_blocks_at as $i => $at ) { $block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] ); $breadcrumbs[ $i ] = self::normalize_block_type( $block_type ); } if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) { $breadcrumbs[ $i ] = '#html'; } return $breadcrumbs; } /** * Returns the depth of the open blocks where the processor is currently matched. * * Depth increases before visiting openers and void blocks and decreases before * visiting closers. HTML spans behave like void blocks. * * @since 6.9.0 * * @return int */ public function get_depth(): int { return count( $this->open_blocks_at ); } /** * Extracts a block object, and all inner content, starting at a matched opening * block delimiter, or at a matched top-level HTML span as freeform HTML content. * * Use this function to extract some blocks within a document, but not all. For example, * one might want to find image galleries, parse them, modify them, and then reserialize * them in place. * * Once this function returns, the parser will be matched on token following the close * of the given block. * * The return type of this method is compatible with the return of {@see \parse_blocks()}. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery = $processor->extract_full_block_and_advance(); * $ends_before = $processor->get_span(); * $ends_before = $ends_before->start ?? strlen( $post_content ); * * $new_gallery = update_gallery( $gallery ); * $new_gallery = serialize_block( $new_gallery ); * * return ( * substr( $post_content, 0, $gallery_at ) . * $new_gallery . * substr( $post_content, $ends_before ) * ); * * @since 6.9.0 * * @return array[]|null { * Array of block structures. * * @type array ...$0 { * An associative array of a single parsed block object. See WP_Block_Parser_Block. * * @type string|null $blockName Name of block. * @type array $attrs Attributes from block comment delimiters. * @type array[] $innerBlocks List of inner blocks. An array of arrays that * have the same structure as this one. * @type string $innerHTML HTML from inside block comment delimiters. * @type array $innerContent List of string fragments and null markers where * inner blocks were found. * } * } */ public function extract_full_block_and_advance(): ?array { if ( $this->is_html() ) { $chunk = $this->get_html_content(); return array( 'blockName' => null, 'attrs' => array(), 'innerBlocks' => array(), 'innerHTML' => $chunk, 'innerContent' => array( $chunk ), ); } $block = array( 'blockName' => $this->get_block_type(), 'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(), 'innerBlocks' => array(), 'innerHTML' => '', 'innerContent' => array(), ); $depth = $this->get_depth(); while ( $this->next_token() && $this->get_depth() > $depth ) { if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; continue; } /** * Inner blocks. * * @todo This is a decent place to call {@link \render_block()} * @todo Use iteration instead of recursion, or at least refactor to tail-call form. */ if ( $this->opens_block() ) { $inner_block = $this->extract_full_block_and_advance(); $block['innerBlocks'][] = $inner_block; $block['innerContent'][] = null; } /* * Because the parser has advanced past the closing block token, it * may be matched on an HTML span. This needs to be processed before * moving on to the next token at the start of the next loop iteration. */ if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; } } return $block; } /** * Returns the byte-offset after the ending character of an HTML comment, * assuming the proper starting byte offset. * * @since 6.9.0 * * @param int $comment_starting_at Where the HTML comment started, the leading `<`. * @param int $search_end Last offset in which to search, for limiting search span. * @return int Offset after the current HTML comment ends, or `$search_end` if no end was found. */ private function find_html_comment_end( int $comment_starting_at, int $search_end ): int { $text = $this->source_text; // Find span-of-dashes comments which look like `<!----->`. $span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 ); if ( $comment_starting_at + 2 + $span_of_dashes < $search_end && '>' === $text[ $comment_starting_at + 2 + $span_of_dashes ] ) { return $comment_starting_at + $span_of_dashes + 1; } // Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`. $now_at = $comment_starting_at + 4; while ( $now_at < $search_end ) { $dashes_at = strpos( $text, '--', $now_at ); if ( false === $dashes_at ) { return $search_end; } $closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 ); if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) { ++$closer_must_be_at; } if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) { return $closer_must_be_at + 1; } ++$now_at; } return $search_end; } /** * Indicates if the last attempt to parse a block comment delimiter * failed, if set, otherwise `null` if the last attempt succeeded. * * @since 6.9.0 * * @return string|null Error from last attempt at parsing next block delimiter, * or `null` if last attempt succeeded. */ public function get_last_error(): ?string { return $this->last_error; } /** * Indicates if the last attempt to parse a block’s JSON attributes failed. * * @see \json_last_error() * * @since 6.9.0 * * @return int JSON_ERROR_ code from last attempt to parse block JSON attributes. */ public function get_last_json_error(): int { return $this->last_json_error; } /** * Returns the type of the block comment delimiter. * * One of: * * - {@see self::OPENER} * - {@see self::CLOSER} * - {@see self::VOID} * - `null` * * @since 6.9.0 * * @return string|null type of the block comment delimiter, if currently matched. */ public function get_delimiter_type(): ?string { switch ( $this->state ) { case self::HTML_SPAN: return self::VOID; case self::MATCHED: return $this->type; default: return null; } } /** * Returns whether the delimiter contains the closing flag. * * This should be avoided except in cases of custom error-handling * with block closers containing the void flag. For normative use, * {@see self::get_delimiter_type()}. * * @since 6.9.0 * * @return bool Whether the currently-matched block delimiter contains the closing flag. */ public function has_closing_flag(): bool { return $this->has_closing_flag; } /** * Indicates if the block delimiter represents a block of the given type. * * Since the “core” namespace may be implicit, it’s allowable to pass * either the fully-qualified block type with namespace and block name * as well as the shorthand version only containing the block name, if * the desired block is in the “core” namespace. * * Since freeform HTML content is non-block content, it has no block type. * Passing the wildcard “*” will, however, return true for all block types, * even the implicit freeform content, though not for spans of inner HTML. * * Example: * * $is_core_paragraph = $processor->is_block_type( 'paragraph' ); * $is_core_paragraph = $processor->is_block_type( 'core/paragraph' ); * $is_formula = $processor->is_block_type( 'math-block/formula' ); * * @param string $block_type Block type name for the desired block. * E.g. "paragraph", "core/paragraph", "math-blocks/formula". * @return bool Whether this delimiter represents a block of the given type. */ public function is_block_type( string $block_type ): bool { if ( '*' === $block_type ) { return true; } if ( $this->is_html() ) { // This is a core/freeform text block, it’s special. if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) { return ( 'core/freeform' === $block_type || 'freeform' === $block_type ); } // Otherwise this is innerHTML and not a block. return false; } return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) ); } /** * Given two spans of text, indicate if they represent identical block types. * * This function normalizes block types to account for implicit core namespacing. * * Note! This function only returns valid results when the complete block types are * represented in the span offsets and lengths. This means that the full optional * namespace and block name must be represented in the input arguments. * * Example: * * 0 5 10 15 20 25 30 35 40 * $text = '<!-- wp:block --><!-- /wp:core/block -->'; * * true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 ); * false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 ); * * @since 6.9.0 * * @param string $a_text Text in which first block type appears. * @param int $a_at Byte offset into text in which first block type starts. * @param int $a_length Byte length of first block type. * @param string $b_text Text in which second block type appears (may be the same as the first text). * @param int $b_at Byte offset into text in which second block type starts. * @param int $b_length Byte length of second block type. * @return bool Whether the spans of text represent identical block types, normalized for namespacing. */ public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool { $a_ns_length = strcspn( $a_text, '/', $a_at, $a_length ); $b_ns_length = strcspn( $b_text, '/', $b_at, $b_length ); $a_has_ns = $a_ns_length !== $a_length; $b_has_ns = $b_ns_length !== $b_length; // Both contain namespaces. if ( $a_has_ns && $b_has_ns ) { if ( $a_length !== $b_length ) { return false; } $a_block_type = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ); } if ( $a_has_ns ) { $b_block_type = 'core/' . substr( $b_text, $b_at, $b_length ); return ( strlen( $b_block_type ) === $a_length && 0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length ) ); } if ( $b_has_ns ) { $a_block_type = 'core/' . substr( $a_text, $a_at, $a_length ); return ( strlen( $a_block_type ) === $b_length && 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ) ); } // Neither contains a namespace. if ( $a_length !== $b_length ) { return false; } $a_name = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length ); } /** * Indicates if the matched delimiter is an opening or void delimiter of the given type, * if a type is provided, otherwise if it opens any block or implicit freeform HTML content. * * This is a helper method to ease handling of code inspecting where blocks start, and for * checking if the blocks are of a given type. The function is variadic to allow for * checking if the delimiter opens one of many possible block types. * * To advance to the start of a block {@see self::next_block()}. * * Example: * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() ) { * if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) { * echo "Found code!"; * continue; * } * * if ( $processor->opens_block( 'core/image' ) ) { * echo "Found an image!"; * continue; * } * * if ( $processor->opens_block() ) { * echo "Found a new block!"; * } * } * * @since 6.9.0 * * @see self::is_block_type() * * @param string[] $block_type Optional. Is the matched block type one of these? * If none are provided, will not test block type. * @return bool Whether the matched block delimiter opens a block, and whether it * opens a block of one of the given block types, if provided. */ public function opens_block( string ...$block_type ): bool { // HTML spans only open implicit freeform content at the top level. if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) { return false; } /* * Because HTML spans are discovered after the next delimiter is found, * the delimiter type when visiting HTML spans refers to the type of the * following delimiter. Therefore the HTML case is handled by checking * the state and depth of the stack of open block. */ if ( self::CLOSER === $this->type && ! $this->is_html() ) { return false; } if ( count( $block_type ) === 0 ) { return true; } foreach ( $block_type as $block ) { if ( $this->is_block_type( $block ) ) { return true; } } return false; } /** * Indicates if the matched delimiter is an HTML span. * * @since 6.9.0 * * @see self::is_non_whitespace_html() * * @return bool Whether the processor is matched on an HTML span. */ public function is_html(): bool { return self::HTML_SPAN === $this->state; } /** * Indicates if the matched delimiter is an HTML span and comprises more * than whitespace characters, i.e. contains real content. * * Many block serializers introduce newlines between block delimiters, * so the presence of top-level non-block content does not imply that * there are “real” freeform HTML blocks. Checking if there is content * beyond whitespace is a more certain check, such as for determining * whether to load CSS for the freeform or fallback block type. * * @since 6.9.0 * * @see self::is_html() * * @return bool Whether the currently-matched delimiter is an HTML * span containing non-whitespace text. */ public function is_non_whitespace_html(): bool { if ( ! $this->is_html() ) { return false; } $length = $this->matched_delimiter_at - $this->after_previous_delimiter; $whitespace_length = strspn( $this->source_text, " \t\f\r\n", $this->after_previous_delimiter, $length ); return $whitespace_length !== $length; } /** * Returns the string content of a matched HTML span, or `null` otherwise. * * @since 6.9.0 * * @return string|null Raw HTML content, or `null` if not currently matched on HTML. */ public function get_html_content(): ?string { if ( ! $this->is_html() ) { return null; } return substr( $this->source_text, $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); } /** * Allocates a substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter, otherwise `null`. * * This function is like {@see self::get_printable_block_type()} but when * paused on a freeform HTML block, will return `null` instead of “core/freeform”. * The `null` behavior matches what {@see \parse_blocks()} returns but may not * be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content has no block type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * null === $processor->get_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter, otherwise `null`. */ public function get_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return null; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Allocates a printable substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`. * * This function is like {@see self::get_block_type()} but when paused on a freeform * HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches * what {@see \parse_blocks()} returns but may not be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_printable_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content is given an implicit type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * 'core/freeform' === $processor->get_printable_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter or freeform block, otherwise `null`. */ public function get_printable_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return 1 === count( $this->open_blocks_at ) ? 'core/freeform' : '#innerHTML'; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Normalizes a block name to ensure that missing implicit “core” namespaces are present. * * Example: * * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' ); * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' ); * 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' ); * * @since 6.9.0 * * @param string $block_type Valid block name, potentially without a namespace. * @return string Fully-qualified block type including namespace. */ public static function normalize_block_type( string $block_type ): string { return false === strpos( $block_type, '/' ) ? "core/{$block_type}" : $block_type; } /** * Returns a lazy wrapper around the block attributes, which can be used * for efficiently interacting with the JSON attributes. * * This stub hints that there should be a lazy interface for parsing * block attributes but doesn’t define it. It serves both as a placeholder * for one to come as well as a guard against implementing an eager * function in its place. * * @throws Exception This function is a stub for subclasses to implement * when providing streaming attribute parsing. * * @since 6.9.0 * * @see self::allocate_and_return_parsed_attributes() * * @return never */ public function get_attributes() { throw new Exception( 'Lazy attribute parsing not yet supported' ); } /** * Attempts to parse and return the entire JSON attributes from the delimiter, * allocating memory and processing the JSON span in the process. * * This does not return any parsed attributes for a closing block delimiter * even if there is a span of JSON content; this JSON is a parsing error. * * Consider calling {@see static::get_attributes()} instead if it's not * necessary to read all the attributes at the same time, as that provides * a more efficient mechanism for typical use cases. * * Since the JSON span inside the comment delimiter may not be valid JSON, * this function will return `null` if it cannot parse the span and set the * {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant. * * If the delimiter contains no JSON span, it will also return `null`, * but the last error will be set to {@see \JSON_ERROR_NONE}. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes(); * $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' ); * * $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_NONE = $processor->get_last_json_error(); * * $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' ); * $processor->next_delimiter(); * array() === $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:separator /-->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error(); * * @since 6.9.0 * * @return array|null Parsed JSON attributes, if present and valid, otherwise `null`. */ public function allocate_and_return_parsed_attributes(): ?array { $this->last_json_error = JSON_ERROR_NONE; if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) { return null; } $json_span = substr( $this->source_text, $this->json_at, $this->json_length ); $parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE ); $last_error = json_last_error(); $this->last_json_error = $last_error; return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) ) ? $parsed : null; } /** * Returns the span representing the currently-matched delimiter, if matched, otherwise `null`. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:void /-->' ); * null === $processor->get_span(); * * $processor->next_delimiter(); * WP_HTML_Span( 0, 17 ) === $processor->get_span(); * * @since 6.9.0 * * @return WP_HTML_Span|null Span of text in source text spanning matched delimiter. */ public function get_span(): ?WP_HTML_Span { switch ( $this->state ) { case self::HTML_SPAN: return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); case self::MATCHED: return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length ); default: return null; } } // // Constant declarations that would otherwise pollute the top of the class. // /** * Indicates that the block comment delimiter closes an open block. * * @see self::$type * * @since 6.9.0 */ const CLOSER = 'closer'; /** * Indicates that the block comment delimiter opens a block. * * @see self::$type * * @since 6.9.0 */ const OPENER = 'opener'; /** * Indicates that the block comment delimiter represents a void block * with no inner content of any kind. * * @see self::$type * * @since 6.9.0 */ const VOID = 'void'; /** * Indicates that the processor is ready to start parsing but hasn’t yet begun. * * @see self::$state * * @since 6.9.0 */ const READY = 'processor-ready'; /** * Indicates that the processor is matched on an explicit block delimiter. * * @see self::$state * * @since 6.9.0 */ const MATCHED = 'processor-matched'; /** * Indicates that the processor is matched on the opening of an implicit freeform delimiter. * * @see self::$state * * @since 6.9.0 */ const HTML_SPAN = 'processor-html-span'; /** * Indicates that the parser started parsing a block comment delimiter, but * the input document ended before it could finish. The document was likely truncated. * * @see self::$state * * @since 6.9.0 */ const INCOMPLETE_INPUT = 'incomplete-input'; /** * Indicates that the processor has finished parsing and has nothing left to scan. * * @see self::$state * * @since 6.9.0 */ const COMPLETE = 'processor-complete'; } HTTP/https-migration-20260605111908-20260607123103.php 0000666 00000011205 15226703613 0014141 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/ClientException-20260605022817.php 0000666 00000000515 15226703613 0012531 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-migration-20260605170806.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Psr18Client-20260605063845.php 0000666 00000010537 15226703613 0011523 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-detection-20260606100547.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172101-20260609144306.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-loader-20260605082951.php 0000666 00000465210 15226703613 0012220 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/https-detection-20260605034026-20260605204727.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605091018-20260607002704.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605195118-20260610201810.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606072111-20260608162711.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/widgets-20260605074801.php 0000666 00000212731 15226703613 0011107 0 ustar 00 <?php /** * Core Widgets API * * This API is used for creating dynamic sidebar without hardcoding functionality into * themes. * * Includes both internal WordPress routines and theme-use routines. * * This functionality was found in a plugin before the WordPress 2.2 release, which * included it in the core from that point on. * * @link https://wordpress.org/documentation/article/manage-wordpress-widgets/ * @link https://developer.wordpress.org/themes/functionality/widgets/ * * @package WordPress * @subpackage Widgets * @since 2.2.0 */ // // Global Variables. // /** @ignore */ global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; /** * Stores the sidebars, since many themes can have more than one. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. */ $wp_registered_sidebars = array(); /** * Stores the registered widgets. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. */ $wp_registered_widgets = array(); /** * Stores the registered widget controls (options). * * @since 2.2.0 * * @global array $wp_registered_widget_controls The registered widget controls. */ $wp_registered_widget_controls = array(); /** * Stores the registered widget updates. * * @since 2.8.0 * * @global array $wp_registered_widget_updates The registered widget updates. */ $wp_registered_widget_updates = array(); /** * Private * * @global array $_wp_sidebars_widgets */ $_wp_sidebars_widgets = array(); /** * Private * * @global array $_wp_deprecated_widgets_callbacks */ $GLOBALS['_wp_deprecated_widgets_callbacks'] = array( 'wp_widget_pages', 'wp_widget_pages_control', 'wp_widget_calendar', 'wp_widget_calendar_control', 'wp_widget_archives', 'wp_widget_archives_control', 'wp_widget_links', 'wp_widget_meta', 'wp_widget_meta_control', 'wp_widget_search', 'wp_widget_recent_entries', 'wp_widget_recent_entries_control', 'wp_widget_tag_cloud', 'wp_widget_tag_cloud_control', 'wp_widget_categories', 'wp_widget_categories_control', 'wp_widget_text', 'wp_widget_text_control', 'wp_widget_rss', 'wp_widget_rss_control', 'wp_widget_recent_comments', 'wp_widget_recent_comments_control', ); // // Template tags & API functions. // /** * Registers a widget. * * Registers a WP_Widget widget * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function register_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->register( $widget ); } /** * Unregisters a widget. * * Unregisters a WP_Widget widget. Useful for un-registering default widgets. * Run within a function hooked to the {@see 'widgets_init'} action. * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function unregister_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->unregister( $widget ); } /** * Creates multiple sidebars. * * If you wanted to quickly create multiple sidebars for a theme or internally. * This function will allow you to do so. If you don't pass the 'name' and/or * 'id' in `$args`, then they will be built for you. * * @since 2.2.0 * * @see register_sidebar() The second parameter is documented by register_sidebar() and is the same here. * * @global array $wp_registered_sidebars The new sidebars are stored in this array by sidebar ID. * * @param int $number Optional. Number of sidebars to create. Default 1. * @param array|string $args { * Optional. Array or string of arguments for building a sidebar. * * @type string $id The base string of the unique identifier for each sidebar. If provided, and multiple * sidebars are being defined, the ID will have "-2" appended, and so on. * Default 'sidebar-' followed by the number the sidebar creation is currently at. * @type string $name The name or title for the sidebars displayed in the admin dashboard. If registering * more than one sidebar, include '%d' in the string as a placeholder for the uniquely * assigned number for each sidebar. * Default 'Sidebar' for the first sidebar, otherwise 'Sidebar %d'. * } */ function register_sidebars( $number = 1, $args = array() ) { global $wp_registered_sidebars; $number = (int) $number; if ( is_string( $args ) ) { parse_str( $args, $args ); } for ( $i = 1; $i <= $number; $i++ ) { $_args = $args; if ( $number > 1 ) { if ( isset( $args['name'] ) ) { $_args['name'] = sprintf( $args['name'], $i ); } else { /* translators: %d: Sidebar number. */ $_args['name'] = sprintf( __( 'Sidebar %d' ), $i ); } } else { $_args['name'] = isset( $args['name'] ) ? $args['name'] : __( 'Sidebar' ); } /* * Custom specified ID's are suffixed if they exist already. * Automatically generated sidebar names need to be suffixed regardless starting at -0. */ if ( isset( $args['id'] ) ) { $_args['id'] = $args['id']; $n = 2; // Start at -2 for conflicting custom IDs. while ( is_registered_sidebar( $_args['id'] ) ) { $_args['id'] = $args['id'] . '-' . $n++; } } else { $n = count( $wp_registered_sidebars ); do { $_args['id'] = 'sidebar-' . ++$n; } while ( is_registered_sidebar( $_args['id'] ) ); } register_sidebar( $_args ); } } /** * Builds the definition for a single sidebar and returns the ID. * * Accepts either a string or an array and then parses that against a set * of default arguments for the new sidebar. WordPress will automatically * generate a sidebar ID and name based on the current number of registered * sidebars if those arguments are not included. * * When allowing for automatic generation of the name and ID parameters, keep * in mind that the incrementor for your sidebar can change over time depending * on what other plugins and themes are installed. * * If theme support for 'widgets' has not yet been added when this function is * called, it will be automatically enabled through the use of add_theme_support(). * * @since 2.2.0 * @since 5.6.0 Added the `before_sidebar` and `after_sidebar` arguments. * @since 5.9.0 Added the `show_in_rest` argument. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array|string $args { * Optional. Array or string of arguments for the sidebar being registered. * * @type string $name The name or title of the sidebar displayed in the Widgets * interface. Default 'Sidebar $instance'. * @type string $id The unique identifier by which the sidebar will be called. * Default 'sidebar-$instance'. * @type string $description Description of the sidebar, displayed in the Widgets interface. * Default empty string. * @type string $class Extra CSS class to assign to the sidebar in the Widgets interface. * Default empty. * @type string $before_widget HTML content to prepend to each widget's HTML output when assigned * to this sidebar. Receives the widget's ID attribute as `%1$s` * and class name as `%2$s`. Default is an opening list item element. * @type string $after_widget HTML content to append to each widget's HTML output when assigned * to this sidebar. Default is a closing list item element. * @type string $before_title HTML content to prepend to the sidebar title when displayed. * Default is an opening h2 element. * @type string $after_title HTML content to append to the sidebar title when displayed. * Default is a closing h2 element. * @type string $before_sidebar HTML content to prepend to the sidebar when displayed. * Receives the `$id` argument as `%1$s` and `$class` as `%2$s`. * Outputs after the {@see 'dynamic_sidebar_before'} action. * Default empty string. * @type string $after_sidebar HTML content to append to the sidebar when displayed. * Outputs before the {@see 'dynamic_sidebar_after'} action. * Default empty string. * @type bool $show_in_rest Whether to show this sidebar publicly in the REST API. * Defaults to only showing the sidebar to administrator users. * } * @return string Sidebar ID added to $wp_registered_sidebars global. */ function register_sidebar( $args = array() ) { global $wp_registered_sidebars; $i = count( $wp_registered_sidebars ) + 1; $id_is_empty = empty( $args['id'] ); $defaults = array( /* translators: %d: Sidebar number. */ 'name' => sprintf( __( 'Sidebar %d' ), $i ), 'id' => "sidebar-$i", 'description' => '', 'class' => '', 'before_widget' => '<li id="%1$s" class="widget %2$s">', 'after_widget' => "</li>\n", 'before_title' => '<h2 class="widgettitle">', 'after_title' => "</h2>\n", 'before_sidebar' => '', 'after_sidebar' => '', 'show_in_rest' => false, ); /** * Filters the sidebar default arguments. * * @since 5.3.0 * * @see register_sidebar() * * @param array $defaults The default sidebar arguments. */ $sidebar = wp_parse_args( $args, apply_filters( 'register_sidebar_defaults', $defaults ) ); if ( $id_is_empty ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: The 'id' argument, 2: Sidebar name, 3: Recommended 'id' value. */ __( 'No %1$s was set in the arguments array for the "%2$s" sidebar. Defaulting to "%3$s". Manually set the %1$s to "%3$s" to silence this notice and keep existing sidebar content.' ), '<code>id</code>', $sidebar['name'], $sidebar['id'] ), '4.2.0' ); } $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; add_theme_support( 'widgets' ); /** * Fires once a sidebar has been registered. * * @since 3.0.0 * * @param array $sidebar Parsed arguments for the registered sidebar. */ do_action( 'register_sidebar', $sidebar ); return $sidebar['id']; } /** * Removes a sidebar from the list. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. */ function unregister_sidebar( $sidebar_id ) { global $wp_registered_sidebars; unset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Checks if a sidebar is registered. * * @since 4.4.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. * @return bool True if the sidebar is registered, false otherwise. */ function is_registered_sidebar( $sidebar_id ) { global $wp_registered_sidebars; return isset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Registers an instance of a widget. * * The default widget option is 'classname' that can be overridden. * * The function can also be used to un-register widgets when `$output_callback` * parameter is an empty string. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * @since 5.8.0 Added show_instance_in_rest option. * * @global array $wp_registered_widgets Uses stored registered widgets. * @global array $wp_registered_widget_controls Stores the registered widget controls (options). * @global array $wp_registered_widget_updates The registered widget updates. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Widget ID. * @param string $name Widget display title. * @param callable $output_callback Run when widget is called. * @param array $options { * Optional. An array of supplementary widget options for the instance. * * @type string $classname Class name for the widget's HTML container. Default is a shortened * version of the output callback name. * @type string $description Widget description for display in the widget administration * panel and/or theme. * @type bool $show_instance_in_rest Whether to show the widget's instance settings in the REST API. * Only available for WP_Widget based widgets. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_sidebar_widget( $id, $name, $output_callback, $options = array(), ...$params ) { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); if ( empty( $output_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } $id_base = _get_widget_id_base( $id ); if ( in_array( $output_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $output_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } $defaults = array( 'classname' => $output_callback ); $options = wp_parse_args( $options, $defaults ); $widget = array( 'name' => $name, 'id' => $id, 'callback' => $output_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); if ( is_callable( $output_callback ) && ( ! isset( $wp_registered_widgets[ $id ] ) || did_action( 'widgets_init' ) ) ) { /** * Fires once for each registered widget. * * @since 3.0.0 * * @param array $widget An array of default widget arguments. */ do_action( 'wp_register_sidebar_widget', $widget ); $wp_registered_widgets[ $id ] = $widget; } } /** * Retrieves description for widget. * * When registering widgets, the options can also include 'description' that * describes the widget for display on the widget administration panel or * in the theme. * * @since 2.5.0 * * @global array $wp_registered_widgets The registered widgets. * * @param int|string $id Widget ID. * @return string|void Widget description, if available. */ function wp_widget_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_widgets; if ( isset( $wp_registered_widgets[ $id ]['description'] ) ) { return esc_html( $wp_registered_widgets[ $id ]['description'] ); } } /** * Retrieves description for a sidebar. * * When registering sidebars a 'description' parameter can be included that * describes the sidebar for display on the widget administration panel. * * @since 2.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id sidebar ID. * @return string|void Sidebar description, if available. */ function wp_sidebar_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_sidebars; if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) { return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' ); } } /** * Remove widget from sidebar. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_sidebar_widget( $id ) { /** * Fires just before a widget is removed from a sidebar. * * @since 3.0.0 * * @param int|string $id The widget ID. */ do_action( 'wp_unregister_sidebar_widget', $id ); wp_register_sidebar_widget( $id, '', '' ); wp_unregister_widget_control( $id ); } /** * Registers widget control callback for customizing options. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * @global array $wp_registered_widget_updates The registered widget updates. * @global array $wp_registered_widgets The registered widgets. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Sidebar ID. * @param string $name Sidebar display name. * @param callable $control_callback Run when sidebar is displayed. * @param array $options { * Optional. Array or string of control options. Default empty array. * * @type int $height Never used. Default 200. * @type int $width Width of the fully expanded control form (but try hard to use the default width). * Default 250. * @type int|string $id_base Required for multi-widgets, i.e widgets that allow multiple instances such as the * text widget. The widget ID will end up looking like `{$id_base}-{$unique_number}`. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_widget_control( $id, $name, $control_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls, $wp_registered_widget_updates, $wp_registered_widgets, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); $id_base = _get_widget_id_base( $id ); if ( empty( $control_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } if ( in_array( $control_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $control_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); // Height is never used. $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $control_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { return; } if ( isset( $widget['params'][0]['number'] ) ) { $widget['params'][0]['number'] = -1; } unset( $widget['width'], $widget['height'], $widget['name'], $widget['id'] ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the update callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_updates The registered widget updates. * * @param string $id_base The base ID of a widget created by extending WP_Widget. * @param callable $update_callback Update callback method for the widget. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_update_callback( $id_base, $update_callback, $options = array(), ...$params ) { global $wp_registered_widget_updates; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { if ( empty( $update_callback ) ) { unset( $wp_registered_widget_updates[ $id_base ] ); } return; } $widget = array( 'callback' => $update_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the form callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * * @param int|string $id Widget ID. * @param string $name Name attribute for the widget. * @param callable $form_callback Form callback. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_form_callback( $id, $name, $form_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls; $id = strtolower( $id ); if ( empty( $form_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $form_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; } /** * Removes control callback for widget. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_widget_control( $id ) { wp_register_widget_control( $id, '', '' ); } /** * Displays dynamic sidebar. * * By default this displays the default sidebar or 'sidebar-1'. If your theme specifies the 'id' or * 'name' parameter for its registered sidebars you can pass an ID or name as the $index parameter. * Otherwise, you can pass in a numerical index to display the sidebar at that index. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $wp_registered_widgets The registered widgets. * * @param int|string $index Optional. Index, name or ID of dynamic sidebar. Default 1. * @return bool True, if widget sidebar was found and called. False if not found or not called. */ function dynamic_sidebar( $index = 1 ) { global $wp_registered_sidebars, $wp_registered_widgets; if ( is_int( $index ) ) { $index = "sidebar-$index"; } else { $index = sanitize_title( $index ); foreach ( (array) $wp_registered_sidebars as $key => $value ) { if ( sanitize_title( $value['name'] ) === $index ) { $index = $key; break; } } } $sidebars_widgets = wp_get_sidebars_widgets(); if ( empty( $wp_registered_sidebars[ $index ] ) || empty( $sidebars_widgets[ $index ] ) || ! is_array( $sidebars_widgets[ $index ] ) ) { /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_before', $index, false ); /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_after', $index, false ); /** This filter is documented in wp-includes/widget.php */ return apply_filters( 'dynamic_sidebar_has_widgets', false, $index ); } $sidebar = $wp_registered_sidebars[ $index ]; $sidebar['before_sidebar'] = sprintf( $sidebar['before_sidebar'], $sidebar['id'], $sidebar['class'] ); /** * Fires before widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_before', $index, true ); if ( ! is_admin() && ! empty( $sidebar['before_sidebar'] ) ) { echo $sidebar['before_sidebar']; } $did_one = false; foreach ( (array) $sidebars_widgets[ $index ] as $id ) { if ( ! isset( $wp_registered_widgets[ $id ] ) ) { continue; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $id, 'widget_name' => $wp_registered_widgets[ $id ]['name'], ) ), ), (array) $wp_registered_widgets[ $id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], str_replace( '\\', '_', $id ), $classname_ ); /** * Filters the parameters passed to a widget's display callback. * * Note: The filter is evaluated on both the front end and back end, * including for the Inactive Widgets sidebar on the Widgets screen. * * @since 2.5.0 * * @see register_sidebar() * * @param array $params { * @type array $args { * An array of widget display arguments. * * @type string $name Name of the sidebar the widget is assigned to. * @type string $id ID of the sidebar the widget is assigned to. * @type string $description The sidebar description. * @type string $class CSS class applied to the sidebar container. * @type string $before_widget HTML markup to prepend to each widget in the sidebar. * @type string $after_widget HTML markup to append to each widget in the sidebar. * @type string $before_title HTML markup to prepend to the widget title when displayed. * @type string $after_title HTML markup to append to the widget title when displayed. * @type string $widget_id ID of the widget. * @type string $widget_name Name of the widget. * } * @type array $widget_args { * An array of multi-widget arguments. * * @type int $number Number increment used for multiples of the same widget. * } * } */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $id ]['callback']; /** * Fires before a widget's display callback is called. * * Note: The action fires on both the front end and back end, including * for widgets in the Inactive Widgets sidebar on the Widgets screen. * * The action is not fired for empty sidebars. * * @since 3.0.0 * * @param array $widget { * An associative array of widget arguments. * * @type string $name Name of the widget. * @type string $id Widget ID. * @type callable $callback When the hook is fired on the front end, `$callback` is an array * containing the widget object. Fired on the back end, `$callback` * is 'wp_widget_control', see `$_callback`. * @type array $params An associative array of multi-widget arguments. * @type string $classname CSS class applied to the widget container. * @type string $description The widget description. * @type array $_callback When the hook is fired on the back end, `$_callback` is populated * with an array containing the widget object, see `$callback`. * } */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); $did_one = true; } } if ( ! is_admin() && ! empty( $sidebar['after_sidebar'] ) ) { echo $sidebar['after_sidebar']; } /** * Fires after widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_after', $index, true ); /** * Filters whether a sidebar has widgets. * * Note: The filter is also evaluated for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param bool $did_one Whether at least one widget was rendered in the sidebar. * Default false. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'dynamic_sidebar_has_widgets', $did_one, $index ); } /** * Determines whether a given widget is displayed on the front end. * * Either $callback or $id_base can be used. * $id_base is the first argument when extending WP_Widget class. * Without the optional $widget_id parameter, returns the ID of the first sidebar * in which the first instance of the widget with the given callback or $id_base is found. * With the $widget_id parameter, returns the ID of the sidebar where * the widget with that callback/$id_base AND that ID is found. * * NOTE: $widget_id and $id_base are the same for single widgets. To be effective * this function has to run after widgets have initialized, at action {@see 'init'} or later. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * * @param callable|false $callback Optional. Widget callback to check. Default false. * @param string|false $widget_id Optional. Widget ID. Optional, but needed for checking. * Default false. * @param string|false $id_base Optional. The base ID of a widget created by extending WP_Widget. * Default false. * @param bool $skip_inactive Optional. Whether to check in 'wp_inactive_widgets'. * Default true. * @return string|false ID of the sidebar in which the widget is active, * false if the widget is not active. */ function is_active_widget( $callback = false, $widget_id = false, $id_base = false, $skip_inactive = true ) { global $wp_registered_widgets; $sidebars_widgets = wp_get_sidebars_widgets(); if ( is_array( $sidebars_widgets ) ) { foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( $skip_inactive && ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) ) { continue; } if ( is_array( $widgets ) ) { foreach ( $widgets as $widget ) { if ( ( $callback && isset( $wp_registered_widgets[ $widget ]['callback'] ) && $wp_registered_widgets[ $widget ]['callback'] === $callback ) || ( $id_base && _get_widget_id_base( $widget ) === $id_base ) ) { if ( ! $widget_id || $widget_id === $wp_registered_widgets[ $widget ]['id'] ) { return $sidebar; } } } } } } return false; } /** * Determines whether the dynamic sidebar is enabled and used by the theme. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @return bool True if using widgets, false otherwise. */ function is_dynamic_sidebar() { global $wp_registered_widgets, $wp_registered_sidebars; $sidebars_widgets = get_option( 'sidebars_widgets' ); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { if ( ! empty( $sidebars_widgets[ $index ] ) ) { foreach ( (array) $sidebars_widgets[ $index ] as $widget ) { if ( array_key_exists( $widget, $wp_registered_widgets ) ) { return true; } } } } return false; } /** * Determines whether a sidebar contains widgets. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * * @param string|int $index Sidebar name, id or number to check. * @return bool True if the sidebar has widgets, false otherwise. */ function is_active_sidebar( $index ) { $index = ( is_int( $index ) ) ? "sidebar-$index" : sanitize_title( $index ); $sidebars_widgets = wp_get_sidebars_widgets(); $is_active_sidebar = ! empty( $sidebars_widgets[ $index ] ); /** * Filters whether a dynamic sidebar is considered "active". * * @since 3.9.0 * * @param bool $is_active_sidebar Whether or not the sidebar should be considered "active". * In other words, whether the sidebar contains any widgets. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'is_active_sidebar', $is_active_sidebar, $index ); } // // Internal Functions. // /** * Retrieves the full list of sidebars and their widget instance IDs. * * Will upgrade sidebar widget list, if needed. Will also save updated list, if * needed. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @global array $sidebars_widgets * * @param bool $deprecated Not used (argument deprecated). * @return array Upgraded list of widgets to version 3 array format when called from the admin. */ function wp_get_sidebars_widgets( $deprecated = true ) { if ( true !== $deprecated ) { _deprecated_argument( __FUNCTION__, '2.8.1' ); } global $_wp_sidebars_widgets, $sidebars_widgets; /* * If loading from front page, consult $_wp_sidebars_widgets rather than options * to see if wp_convert_widget_settings() has made manipulations in memory. */ if ( ! is_admin() ) { if ( empty( $_wp_sidebars_widgets ) ) { $_wp_sidebars_widgets = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = $_wp_sidebars_widgets; } else { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); } if ( is_array( $sidebars_widgets ) && isset( $sidebars_widgets['array_version'] ) ) { unset( $sidebars_widgets['array_version'] ); } /** * Filters the list of sidebars and their widgets. * * @since 2.7.0 * * @param array $sidebars_widgets An associative array of sidebars and their widgets. */ return apply_filters( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves the registered sidebar with the given ID. * * @since 5.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id The sidebar ID. * @return array|null The discovered sidebar, or null if it is not registered. */ function wp_get_sidebar( $id ) { global $wp_registered_sidebars; foreach ( (array) $wp_registered_sidebars as $sidebar ) { if ( $sidebar['id'] === $id ) { return $sidebar; } } if ( 'wp_inactive_widgets' === $id ) { return array( 'id' => 'wp_inactive_widgets', 'name' => __( 'Inactive widgets' ), ); } return null; } /** * Sets the sidebar widget option to update sidebars. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @param array $sidebars_widgets Sidebar widgets and their settings. */ function wp_set_sidebars_widgets( $sidebars_widgets ) { global $_wp_sidebars_widgets; // Clear cached value used in wp_get_sidebars_widgets(). $_wp_sidebars_widgets = null; if ( ! isset( $sidebars_widgets['array_version'] ) ) { $sidebars_widgets['array_version'] = 3; } update_option( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves default registered sidebars list. * * @since 2.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. * * @return array */ function wp_get_widget_defaults() { global $wp_registered_sidebars; $defaults = array(); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { $defaults[ $index ] = array(); } return $defaults; } /** * Converts the widget settings from single to multi-widget format. * * @since 2.8.0 * * @global array $_wp_sidebars_widgets * * @param string $base_name Root ID for all widgets of this type. * @param string $option_name Option name for this widget type. * @param array $settings The array of widget instance settings. * @return array The array of widget settings converted to multi-widget format. */ function wp_convert_widget_settings( $base_name, $option_name, $settings ) { // This test may need expanding. $single = false; $changed = false; if ( empty( $settings ) ) { $single = true; } else { foreach ( array_keys( $settings ) as $number ) { if ( 'number' === $number ) { continue; } if ( ! is_numeric( $number ) ) { $single = true; break; } } } if ( $single ) { $settings = array( 2 => $settings ); // If loading from the front page, update sidebar in memory but don't save to options. if ( is_admin() ) { $sidebars_widgets = get_option( 'sidebars_widgets' ); } else { if ( empty( $GLOBALS['_wp_sidebars_widgets'] ) ) { $GLOBALS['_wp_sidebars_widgets'] = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = &$GLOBALS['_wp_sidebars_widgets']; } foreach ( (array) $sidebars_widgets as $index => $sidebar ) { if ( is_array( $sidebar ) ) { foreach ( $sidebar as $i => $name ) { if ( $base_name === $name ) { $sidebars_widgets[ $index ][ $i ] = "$name-2"; $changed = true; break 2; } } } } if ( is_admin() && $changed ) { update_option( 'sidebars_widgets', $sidebars_widgets ); } } $settings['_multiwidget'] = 1; if ( is_admin() ) { update_option( $option_name, $settings ); } return $settings; } /** * Outputs an arbitrary widget as a template tag. * * @since 2.8.0 * * @global WP_Widget_Factory $wp_widget_factory * * @param string $widget The widget's PHP class name (see class-wp-widget.php). * @param array $instance Optional. The widget's instance settings. Default empty array. * @param array $args { * Optional. Array of arguments to configure the display of the widget. * * @type string $before_widget HTML content that will be prepended to the widget's HTML output. * Default `<div class="widget %s">`, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default `</div>`. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `<h2 class="widgettitle">`. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `</h2>`. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; if ( ! isset( $wp_widget_factory->widgets[ $widget ] ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: register_widget() */ __( 'Widgets need to be registered using %s, before they can be displayed.' ), '<code>register_widget()</code>' ), '4.9.0' ); return; } $widget_obj = $wp_widget_factory->widgets[ $widget ]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '<div class="widget %s">', 'after_widget' => '</div>', 'before_title' => '<h2 class="widgettitle">', 'after_title' => '</h2>', ); $args = wp_parse_args( $args, $default_args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args( $instance ); /** This filter is documented in wp-includes/class-wp-widget.php */ $instance = apply_filters( 'widget_display_callback', $instance, $widget_obj, $args ); if ( false === $instance ) { return; } /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set( -1 ); $widget_obj->widget( $args, $instance ); } /** * Retrieves the widget ID base value. * * @since 2.8.0 * * @param string $id Widget ID. * @return string Widget ID base. */ function _get_widget_id_base( $id ) { return preg_replace( '/-[0-9]+$/', '', $id ); } /** * Handles sidebars config after theme change. * * @access private * @since 3.3.0 * * @global array $sidebars_widgets */ function _wp_sidebars_changed() { global $sidebars_widgets; if ( ! is_array( $sidebars_widgets ) ) { $sidebars_widgets = wp_get_sidebars_widgets(); } retrieve_widgets( true ); } /** * Validates and remaps any "orphaned" widgets to wp_inactive_widgets sidebar, * and saves the widget settings. This has to run at least on each theme change. * * For example, let's say theme A has a "footer" sidebar, and theme B doesn't have one. * After switching from theme A to theme B, all the widgets previously assigned * to the footer would be inaccessible. This function detects this scenario, and * moves all the widgets previously assigned to the footer under wp_inactive_widgets. * * Despite the word "retrieve" in the name, this function actually updates the database * and the global `$sidebars_widgets`. For that reason it should not be run on front end, * unless the `$theme_changed` value is 'customize' (to bypass the database write). * * @since 2.8.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $sidebars_widgets * @global array $wp_registered_widgets The registered widgets. * * @param string|bool $theme_changed Whether the theme was changed as a boolean. A value * of 'customize' defers updates for the Customizer. * @return array Updated sidebars widgets. */ function retrieve_widgets( $theme_changed = false ) { global $wp_registered_sidebars, $sidebars_widgets, $wp_registered_widgets; $registered_sidebars_keys = array_keys( $wp_registered_sidebars ); $registered_widgets_ids = array_keys( $wp_registered_widgets ); if ( ! is_array( get_theme_mod( 'sidebars_widgets' ) ) ) { if ( empty( $sidebars_widgets ) ) { return array(); } unset( $sidebars_widgets['array_version'] ); $sidebars_widgets_keys = array_keys( $sidebars_widgets ); sort( $sidebars_widgets_keys ); sort( $registered_sidebars_keys ); if ( $sidebars_widgets_keys === $registered_sidebars_keys ) { $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); return $sidebars_widgets; } } // Discard invalid, theme-specific widgets from sidebars. $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); $sidebars_widgets = wp_map_sidebars_widgets( $sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $sidebars_widgets[ $key ] = array(); } } // Find hidden/lost multi-widget instances. $shown_widgets = array_merge( ...array_values( $sidebars_widgets ) ); $lost_widgets = array_diff( $registered_widgets_ids, $shown_widgets ); foreach ( $lost_widgets as $key => $widget_id ) { $number = preg_replace( '/.+?-([0-9]+)$/', '$1', $widget_id ); // Only keep active and default widgets. if ( is_numeric( $number ) && (int) $number < 2 ) { unset( $lost_widgets[ $key ] ); } } $sidebars_widgets['wp_inactive_widgets'] = array_merge( $lost_widgets, (array) $sidebars_widgets['wp_inactive_widgets'] ); if ( 'customize' !== $theme_changed ) { // Update the widgets settings in the database. wp_set_sidebars_widgets( $sidebars_widgets ); } return $sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array $existing_sidebars_widgets List of sidebars and their widget instance IDs. * @return array Mapped sidebars widgets. */ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) { global $wp_registered_sidebars; $new_sidebars_widgets = array( 'wp_inactive_widgets' => array(), ); // Short-circuit if there are no sidebars to map. if ( ! is_array( $existing_sidebars_widgets ) || empty( $existing_sidebars_widgets ) ) { return $new_sidebars_widgets; } foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { if ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], (array) $widgets ); unset( $existing_sidebars_widgets[ $sidebar ] ); } } // If old and new theme have just one sidebar, map it and we're done. if ( 1 === count( $existing_sidebars_widgets ) && 1 === count( $wp_registered_sidebars ) ) { $new_sidebars_widgets[ key( $wp_registered_sidebars ) ] = array_pop( $existing_sidebars_widgets ); return $new_sidebars_widgets; } // Map locations with the same slug. $existing_sidebars = array_keys( $existing_sidebars_widgets ); foreach ( $wp_registered_sidebars as $sidebar => $name ) { if ( in_array( $sidebar, $existing_sidebars, true ) ) { $new_sidebars_widgets[ $sidebar ] = $existing_sidebars_widgets[ $sidebar ]; unset( $existing_sidebars_widgets[ $sidebar ] ); } elseif ( ! array_key_exists( $sidebar, $new_sidebars_widgets ) ) { $new_sidebars_widgets[ $sidebar ] = array(); } } // If there are more sidebars, try to map them. if ( ! empty( $existing_sidebars_widgets ) ) { /* * If old and new theme both have sidebars that contain phrases * from within the same group, make an educated guess and map it. */ $common_slug_groups = array( array( 'sidebar', 'primary', 'main', 'right' ), array( 'second', 'left' ), array( 'sidebar-2', 'footer', 'bottom' ), array( 'header', 'top' ), ); // Go through each group... foreach ( $common_slug_groups as $slug_group ) { // ...and see if any of these slugs... foreach ( $slug_group as $slug ) { // ...and any of the new sidebars... foreach ( $wp_registered_sidebars as $new_sidebar => $args ) { // ...actually match! if ( false === stripos( $new_sidebar, $slug ) && false === stripos( $slug, $new_sidebar ) ) { continue; } // Then see if any of the existing sidebars... foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { // ...and any slug in the same group... foreach ( $slug_group as $slug ) { // ... have a match as well. if ( false === stripos( $sidebar, $slug ) && false === stripos( $slug, $sidebar ) ) { continue; } // Make sure this sidebar wasn't mapped and removed previously. if ( ! empty( $existing_sidebars_widgets[ $sidebar ] ) ) { // We have a match that can be mapped! $new_sidebars_widgets[ $new_sidebar ] = array_merge( $new_sidebars_widgets[ $new_sidebar ], $existing_sidebars_widgets[ $sidebar ] ); // Remove the mapped sidebar so it can't be mapped again. unset( $existing_sidebars_widgets[ $sidebar ] ); // Go back and check the next new sidebar. continue 3; } } // End foreach ( $slug_group as $slug ). } // End foreach ( $existing_sidebars_widgets as $sidebar => $widgets ). } // End foreach ( $wp_registered_sidebars as $new_sidebar => $args ). } // End foreach ( $slug_group as $slug ). } // End foreach ( $common_slug_groups as $slug_group ). } // Move any left over widgets to inactive sidebar. foreach ( $existing_sidebars_widgets as $widgets ) { if ( is_array( $widgets ) && ! empty( $widgets ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], $widgets ); } } // Sidebars_widgets settings from when this theme was previously active. $old_sidebars_widgets = get_theme_mod( 'sidebars_widgets' ); $old_sidebars_widgets = isset( $old_sidebars_widgets['data'] ) ? $old_sidebars_widgets['data'] : false; if ( is_array( $old_sidebars_widgets ) ) { // Remove empty sidebars, no need to map those. $old_sidebars_widgets = array_filter( $old_sidebars_widgets ); // Only check sidebars that are empty or have not been mapped to yet. foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { if ( array_key_exists( $new_sidebar, $old_sidebars_widgets ) && ! empty( $new_widgets ) ) { unset( $old_sidebars_widgets[ $new_sidebar ] ); } } // Remove orphaned widgets, we're only interested in previously active sidebars. foreach ( $old_sidebars_widgets as $sidebar => $widgets ) { if ( str_starts_with( $sidebar, 'orphaned_widgets' ) ) { unset( $old_sidebars_widgets[ $sidebar ] ); } } $old_sidebars_widgets = _wp_remove_unregistered_widgets( $old_sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $new_sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $new_sidebars_widgets[ $key ] = array(); } } if ( ! empty( $old_sidebars_widgets ) ) { // Go through each remaining sidebar... foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ) { // ...and check every new sidebar... foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { // ...for every widget we're trying to revive. foreach ( $old_widgets as $key => $widget_id ) { $active_key = array_search( $widget_id, $new_widgets, true ); // If the widget is used elsewhere... if ( false !== $active_key ) { // ...and that elsewhere is inactive widgets... if ( 'wp_inactive_widgets' === $new_sidebar ) { // ...remove it from there and keep the active version... unset( $new_sidebars_widgets['wp_inactive_widgets'][ $active_key ] ); } else { // ...otherwise remove it from the old sidebar and keep it in the new one. unset( $old_sidebars_widgets[ $old_sidebar ][ $key ] ); } } // End if ( $active_key ). } // End foreach ( $old_widgets as $key => $widget_id ). } // End foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ). } // End foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ). } // End if ( ! empty( $old_sidebars_widgets ) ). // Restore widget settings from when theme was previously active. $new_sidebars_widgets = array_merge( $new_sidebars_widgets, $old_sidebars_widgets ); } return $new_sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * * @global array $wp_registered_widgets The registered widgets. * * @param array $sidebars_widgets List of sidebars and their widget instance IDs. * @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets. * @return array Sidebars with allowed widgets. */ function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) { if ( empty( $allowed_widget_ids ) ) { $allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] ); } foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( is_array( $widgets ) ) { $sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids ); } } return $sidebars_widgets; } /** * Displays the RSS entries in a list. * * @since 2.5.0 * * @param string|array|object $rss RSS url. * @param array $args Widget arguments. */ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_string( $rss ) ) { $rss = fetch_feed( $rss ); } elseif ( is_array( $rss ) && isset( $rss['url'] ) ) { $args = $rss; $rss = fetch_feed( $rss['url'] ); } elseif ( ! is_object( $rss ) ) { return; } if ( is_wp_error( $rss ) ) { if ( is_admin() || current_user_can( 'manage_options' ) ) { echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>'; } return; } $default_args = array( 'show_author' => 0, 'show_date' => 0, 'show_summary' => 0, 'items' => 0, ); $args = wp_parse_args( $args, $default_args ); $items = (int) $args['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $show_summary = (int) $args['show_summary']; $show_author = (int) $args['show_author']; $show_date = (int) $args['show_date']; if ( ! $rss->get_item_quantity() ) { echo '<ul><li>' . __( 'An error has occurred, which probably means the feed is down. Try again later.' ) . '</li></ul>'; $rss->__destruct(); unset( $rss ); return; } echo '<ul>'; foreach ( $rss->get_items( 0, $items ) as $item ) { $link = $item->get_link(); while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $link = esc_url( strip_tags( $link ) ); $title = esc_html( trim( strip_tags( $item->get_title() ) ) ); if ( empty( $title ) ) { $title = __( 'Untitled' ); } $desc = html_entity_decode( $item->get_description(), ENT_QUOTES, get_option( 'blog_charset' ) ); $desc = esc_attr( wp_trim_words( $desc, 55, ' […]' ) ); $summary = ''; if ( $show_summary ) { $summary = $desc; // Change existing [...] to […]. if ( str_ends_with( $summary, '[...]' ) ) { $summary = substr( $summary, 0, -5 ) . '[…]'; } $summary = '<div class="rssSummary">' . esc_html( $summary ) . '</div>'; } $date = ''; if ( $show_date ) { $date = $item->get_date( 'U' ); if ( $date ) { $date = ' <span class="rss-date">' . date_i18n( get_option( 'date_format' ), $date ) . '</span>'; } } $author = ''; if ( $show_author ) { $author = $item->get_author(); if ( is_object( $author ) ) { $author = $author->get_name(); $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>'; } } if ( '' === $link ) { echo "<li>$title{$date}{$summary}{$author}</li>"; } elseif ( $show_summary ) { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$summary}{$author}</li>"; } else { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$author}</li>"; } } echo '</ul>'; $rss->__destruct(); unset( $rss ); } /** * Displays RSS widget options form. * * The options for what fields are displayed for the RSS form are all booleans * and are as follows: 'url', 'title', 'items', 'show_summary', 'show_author', * 'show_date'. * * @since 2.5.0 * * @param array|string $args Values for input fields. * @param array $inputs Override default display options. */ function wp_widget_rss_form( $args, $inputs = null ) { $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true, ); $inputs = wp_parse_args( $inputs, $default_inputs ); $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; if ( $args['items'] < 1 || 20 < $args['items'] ) { $args['items'] = 10; } $args['show_summary'] = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary']; $args['show_author'] = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author']; $args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; if ( ! empty( $args['error'] ) ) { echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>'; } $esc_number = esc_attr( $args['number'] ); if ( $inputs['url'] ) : ?> <p><label for="rss-url-<?php echo $esc_number; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> <input class="widefat" id="rss-url-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> <?php endif; if ( $inputs['title'] ) : ?> <p><label for="rss-title-<?php echo $esc_number; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> <input class="widefat" id="rss-title-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> <?php endif; if ( $inputs['items'] ) : ?> <p><label for="rss-items-<?php echo $esc_number; ?>"><?php _e( 'How many items would you like to display?' ); ?></label> <select id="rss-items-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][items]"> <?php for ( $i = 1; $i <= 20; ++$i ) { echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; } ?> </select></p> <?php endif; if ( $inputs['show_summary'] || $inputs['show_author'] || $inputs['show_date'] ) : ?> <p> <?php if ( $inputs['show_summary'] ) : ?> <input id="rss-show-summary-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> <label for="rss-show-summary-<?php echo $esc_number; ?>"><?php _e( 'Display item content?' ); ?></label><br /> <?php endif; if ( $inputs['show_author'] ) : ?> <input id="rss-show-author-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> <label for="rss-show-author-<?php echo $esc_number; ?>"><?php _e( 'Display item author if available?' ); ?></label><br /> <?php endif; if ( $inputs['show_date'] ) : ?> <input id="rss-show-date-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?> /> <label for="rss-show-date-<?php echo $esc_number; ?>"><?php _e( 'Display item date?' ); ?></label><br /> <?php endif; ?> </p> <?php endif; // End of display options. foreach ( array_keys( $default_inputs ) as $input ) : if ( 'hidden' === $inputs[ $input ] ) : $id = str_replace( '_', '-', $input ); ?> <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> <?php endif; endforeach; } /** * Processes RSS feed widget data and optionally retrieve feed items. * * The feed widget can not have more than 20 items or it will reset back to the * default, which is 10. * * The resulting array has the feed title, feed url, feed link (from channel), * feed items, error (if any), and whether to show summary, author, and date. * All respectively in the order of the array elements. * * @since 2.5.0 * * @param array $widget_rss RSS widget feed data. Expects unescaped data. * @param bool $check_feed Optional. Whether to check feed for errors. Default true. * @return array */ function wp_widget_rss_process( $widget_rss, $check_feed = true ) { $items = (int) $widget_rss['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $url = sanitize_url( strip_tags( $widget_rss['url'] ) ); $title = isset( $widget_rss['title'] ) ? trim( strip_tags( $widget_rss['title'] ) ) : ''; $show_summary = isset( $widget_rss['show_summary'] ) ? (int) $widget_rss['show_summary'] : 0; $show_author = isset( $widget_rss['show_author'] ) ? (int) $widget_rss['show_author'] : 0; $show_date = isset( $widget_rss['show_date'] ) ? (int) $widget_rss['show_date'] : 0; $error = false; $link = ''; if ( $check_feed ) { $rss = fetch_feed( $url ); if ( is_wp_error( $rss ) ) { $error = $rss->get_error_message(); } else { $link = esc_url( strip_tags( $rss->get_permalink() ) ); while ( stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $rss->__destruct(); unset( $rss ); } } return compact( 'title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date' ); } /** * Registers all of the default WordPress widgets on startup. * * Calls {@see 'widgets_init'} action after all of the WordPress widgets have been registered. * * @since 2.2.0 */ function wp_widgets_init() { if ( ! is_blog_installed() ) { return; } register_widget( 'WP_Widget_Pages' ); register_widget( 'WP_Widget_Calendar' ); register_widget( 'WP_Widget_Archives' ); if ( get_option( 'link_manager_enabled' ) ) { register_widget( 'WP_Widget_Links' ); } register_widget( 'WP_Widget_Media_Audio' ); register_widget( 'WP_Widget_Media_Image' ); register_widget( 'WP_Widget_Media_Gallery' ); register_widget( 'WP_Widget_Media_Video' ); register_widget( 'WP_Widget_Meta' ); register_widget( 'WP_Widget_Search' ); register_widget( 'WP_Widget_Text' ); register_widget( 'WP_Widget_Categories' ); register_widget( 'WP_Widget_Recent_Posts' ); register_widget( 'WP_Widget_Recent_Comments' ); register_widget( 'WP_Widget_RSS' ); register_widget( 'WP_Widget_Tag_Cloud' ); register_widget( 'WP_Nav_Menu_Widget' ); register_widget( 'WP_Widget_Custom_HTML' ); register_widget( 'WP_Widget_Block' ); /** * Fires after all default WordPress widgets have been registered. * * @since 2.2.0 */ do_action( 'widgets_init' ); } /** * Enables the widgets block editor. This is hooked into 'after_setup_theme' so * that the block editor is enabled by default but can be disabled by themes. * * @since 5.8.0 * * @access private */ function wp_setup_widgets_block_editor() { add_theme_support( 'widgets-block-editor' ); } /** * Determines whether or not to use the block editor to manage widgets. * Defaults to true unless a theme has removed support for widgets-block-editor * or a plugin has filtered the return value of this function. * * @since 5.8.0 * * @return bool Whether to use the block editor to manage widgets. */ function wp_use_widgets_block_editor() { /** * Filters whether to use the block editor to manage widgets. * * @since 5.8.0 * * @param bool $use_widgets_block_editor Whether to use the block editor to manage widgets. */ return apply_filters( 'use_widgets_block_editor', get_theme_support( 'widgets-block-editor' ) ); } /** * Converts a widget ID into its id_base and number components. * * @since 5.8.0 * * @param string $id Widget ID. * @return array Array containing a widget's id_base and number components. */ function wp_parse_widget_id( $id ) { $parsed = array(); if ( preg_match( '/^(.+)-(\d+)$/', $id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $id; } return $parsed; } /** * Finds the sidebar that a given widget belongs to. * * @since 5.8.0 * * @param string $widget_id The widget ID to look for. * @return string|null The found sidebar's ID, or null if it was not found. */ function wp_find_widgets_sidebar( $widget_id ) { foreach ( wp_get_sidebars_widgets() as $sidebar_id => $widget_ids ) { foreach ( $widget_ids as $maybe_widget_id ) { if ( $maybe_widget_id === $widget_id ) { return (string) $sidebar_id; } } } return null; } /** * Assigns a widget to the given sidebar. * * @since 5.8.0 * * @param string $widget_id The widget ID to assign. * @param string $sidebar_id The sidebar ID to assign to. If empty, the widget won't be added to any sidebar. */ function wp_assign_widget_to_sidebar( $widget_id, $sidebar_id ) { $sidebars = wp_get_sidebars_widgets(); foreach ( $sidebars as $maybe_sidebar_id => $widgets ) { foreach ( $widgets as $i => $maybe_widget_id ) { if ( $widget_id === $maybe_widget_id && $sidebar_id !== $maybe_sidebar_id ) { unset( $sidebars[ $maybe_sidebar_id ][ $i ] ); // We could technically break 2 here, but continue looping in case the ID is duplicated. continue 2; } } } if ( $sidebar_id ) { $sidebars[ $sidebar_id ][] = $widget_id; } wp_set_sidebars_widgets( $sidebars ); } /** * Calls the render callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @param string $widget_id Widget ID. * @param string $sidebar_id Sidebar ID. * @return string */ function wp_render_widget( $widget_id, $sidebar_id ) { global $wp_registered_widgets, $wp_registered_sidebars; if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { return ''; } if ( isset( $wp_registered_sidebars[ $sidebar_id ] ) ) { $sidebar = $wp_registered_sidebars[ $sidebar_id ]; } elseif ( 'wp_inactive_widgets' === $sidebar_id ) { $sidebar = array(); } else { return ''; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $widget_id, 'widget_name' => $wp_registered_widgets[ $widget_id ]['name'], ) ), ), (array) $wp_registered_widgets[ $widget_id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $widget_id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], $widget_id, $classname_ ); /** This filter is documented in wp-includes/widgets.php */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $widget_id ]['callback']; ob_start(); /** This filter is documented in wp-includes/widgets.php */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $widget_id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Calls the control callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widget_controls The registered widget controls. * * @param string $id Widget ID. * @return string|null */ function wp_render_widget_control( $id ) { global $wp_registered_widget_controls; if ( ! isset( $wp_registered_widget_controls[ $id ]['callback'] ) ) { return null; } $callback = $wp_registered_widget_controls[ $id ]['callback']; $params = $wp_registered_widget_controls[ $id ]['params']; ob_start(); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Displays a _doing_it_wrong() message for conflicting widget editor scripts. * * The 'wp-editor' script module is exposed as window.wp.editor. This overrides * the legacy TinyMCE editor module which is required by the widgets editor. * Because of that conflict, these two shouldn't be enqueued together. * See https://core.trac.wordpress.org/ticket/53569. * * There is also another conflict related to styles where the block widgets * editor is hidden if a block enqueues 'wp-edit-post' stylesheet. * See https://core.trac.wordpress.org/ticket/53569. * * @since 5.8.0 * @access private * * @global WP_Scripts $wp_scripts * @global WP_Styles $wp_styles */ function wp_check_widget_editor_deps() { global $wp_scripts, $wp_styles; if ( $wp_scripts->query( 'wp-edit-widgets', 'enqueued' ) || $wp_scripts->query( 'wp-customize-widgets', 'enqueued' ) ) { if ( $wp_scripts->query( 'wp-editor', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_script()', sprintf( /* translators: 1: 'wp-editor', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" script should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-editor', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } if ( $wp_styles->query( 'wp-edit-post', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_style()', sprintf( /* translators: 1: 'wp-edit-post', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" style should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-edit-post', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } } } /** * Registers the previous theme's sidebars for the block themes. * * @since 6.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. */ function _wp_block_theme_register_classic_sidebars() { global $wp_registered_sidebars; if ( ! wp_is_block_theme() ) { return; } $classic_sidebars = get_theme_mod( 'wp_classic_sidebars' ); if ( empty( $classic_sidebars ) ) { return; } // Don't use `register_sidebar` since it will enable the `widgets` support for a theme. foreach ( $classic_sidebars as $sidebar ) { $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; } } HTTP/Psr18Client-20260605010059.php 0000666 00000010537 15226703613 0011510 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-migration-20260605090903.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605121529.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606042318-20260607195654.php 0000666 00000011205 15226703613 0014164 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-loader-20260605075722.php 0000666 00000465210 15226703613 0012216 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/https-detection-20260605100823.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605125016-20260607145305.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074155-20260607054748.php 0000666 00000011205 15226703613 0014166 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605070331-20260608091436.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Client-20260605051452.php 0000666 00000001137 15226703613 0010650 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/https-migration-20260605170226.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606143502-20260609175743.php 0000666 00000013341 15226703613 0014150 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605125727.php 0000666 00000011205 15226703613 0012567 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-editor.php 0000666 00000215217 15226703613 0011072 0 ustar 00 <?php /** * Facilitates adding of the WordPress editor as used on the Write and Edit screens. * * @package WordPress * @since 3.3.0 * * Private, not included by default. See wp_editor() in wp-includes/general-template.php. */ #[AllowDynamicProperties] final class _WP_Editors { public static $mce_locale; private static $mce_settings = array(); private static $qt_settings = array(); private static $plugins = array(); private static $qt_buttons = array(); private static $ext_plugins; private static $baseurl; private static $first_init; private static $this_tinymce = false; private static $this_quicktags = false; private static $has_tinymce = false; private static $has_quicktags = false; private static $has_medialib = false; private static $editor_buttons_css = true; private static $drag_drop_upload = false; private static $translation; private static $tinymce_scripts_printed = false; private static $link_dialog_printed = false; private function __construct() {} /** * Parse default arguments for the editor instance. * * @since 3.3.0 * * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings { * Array of editor arguments. * * @type bool $wpautop Whether to use wpautop(). Default true. * @type bool $media_buttons Whether to show the Add Media/other media buttons. * @type string $default_editor When both TinyMCE and Quicktags are used, set which * editor is shown on page load. Default empty. * @type bool $drag_drop_upload Whether to enable drag & drop on the editor uploading. Default false. * Requires the media modal. * @type string $textarea_name Give the textarea a unique name here. Square brackets * can be used here. Default $editor_id. * @type int $textarea_rows Number rows in the editor textarea. Default 20. * @type string|int $tabindex Tabindex value to use. Default empty. * @type string $tabfocus_elements The previous and next element ID to move the focus to * when pressing the Tab key in TinyMCE. Default ':prev,:next'. * @type string $editor_css Intended for extra styles for both Visual and Code editors. * Should include `<style>` tags, and can use "scoped". Default empty. * @type string $editor_class Extra classes to add to the editor textarea element. Default empty. * @type bool $teeny Whether to output the minimal editor config. Examples include * Press This and the Comment editor. Default false. * @type bool $dfw Deprecated in 4.1. Unused. * @type bool|array $tinymce Whether to load TinyMCE. Can be used to pass settings directly to * TinyMCE using an array. Default true. * @type bool|array $quicktags Whether to load Quicktags. Can be used to pass settings directly to * Quicktags using an array. Default true. * } * @return array Parsed arguments array. */ public static function parse_settings( $editor_id, $settings ) { /** * Filters the wp_editor() settings. * * @since 4.0.0 * * @see _WP_Editors::parse_settings() * * @param array $settings Array of editor arguments. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $settings = apply_filters( 'wp_editor_settings', $settings, $editor_id ); $set = wp_parse_args( $settings, array( // Disable autop if the current post has blocks in it. 'wpautop' => ! has_blocks(), 'media_buttons' => true, 'default_editor' => '', 'drag_drop_upload' => false, 'textarea_name' => $editor_id, 'textarea_rows' => 20, 'tabindex' => '', 'tabfocus_elements' => ':prev,:next', 'editor_css' => '', 'editor_class' => '', 'teeny' => false, '_content_editor_dfw' => false, 'tinymce' => true, 'quicktags' => true, ) ); self::$this_tinymce = ( $set['tinymce'] && user_can_richedit() ); if ( self::$this_tinymce ) { if ( str_contains( $editor_id, '[' ) ) { self::$this_tinymce = false; _deprecated_argument( 'wp_editor()', '3.9.0', 'TinyMCE editor IDs cannot have brackets.' ); } } self::$this_quicktags = (bool) $set['quicktags']; if ( self::$this_tinymce ) { self::$has_tinymce = true; } if ( self::$this_quicktags ) { self::$has_quicktags = true; } if ( empty( $set['editor_height'] ) ) { return $set; } if ( 'content' === $editor_id && empty( $set['tinymce']['wp_autoresize_on'] ) ) { // A cookie (set when a user resizes the editor) overrides the height. $cookie = (int) get_user_setting( 'ed_size' ); if ( $cookie ) { $set['editor_height'] = $cookie; } } if ( $set['editor_height'] < 50 ) { $set['editor_height'] = 50; } elseif ( $set['editor_height'] > 5000 ) { $set['editor_height'] = 5000; } return $set; } /** * Outputs the HTML for a single instance of the editor. * * @since 3.3.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @param string $content Initial content for the editor. * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings See _WP_Editors::parse_settings() for description. */ public static function editor( $content, $editor_id, $settings = array() ) { $set = self::parse_settings( $editor_id, $settings ); $editor_class = ' class="' . trim( esc_attr( $set['editor_class'] ) . ' wp-editor-area' ) . '"'; $tabindex = $set['tabindex'] ? ' tabindex="' . (int) $set['tabindex'] . '"' : ''; $default_editor = 'html'; $buttons = ''; $autocomplete = ''; $editor_id_attr = esc_attr( $editor_id ); if ( $set['drag_drop_upload'] ) { self::$drag_drop_upload = true; } if ( ! empty( $set['editor_height'] ) ) { $height = ' style="height: ' . (int) $set['editor_height'] . 'px"'; } else { $height = ' rows="' . (int) $set['textarea_rows'] . '"'; } if ( ! current_user_can( 'upload_files' ) ) { $set['media_buttons'] = false; } if ( self::$this_tinymce ) { $autocomplete = ' autocomplete="off"'; if ( self::$this_quicktags ) { $default_editor = $set['default_editor'] ? $set['default_editor'] : wp_default_editor(); // 'html' is used for the "Code" editor tab. if ( 'html' !== $default_editor ) { $default_editor = 'tinymce'; } $tmce_active = ( 'html' === $default_editor ) ? ' aria-pressed="true"' : ''; $html_active = ( 'html' === $default_editor ) ? '' : ' aria-pressed="true"'; $buttons .= '<button type="button" id="' . $editor_id_attr . '-tmce"' . $html_active . ' class="wp-switch-editor switch-tmce"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Visual', 'Name for the Visual editor tab' ) . "</button>\n"; $buttons .= '<button type="button" id="' . $editor_id_attr . '-html"' . $tmce_active . ' class="wp-switch-editor switch-html"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Code', 'Name for the Code editor tab (formerly Text)' ) . "</button>\n"; } else { $default_editor = 'tinymce'; } } $switch_class = 'html' === $default_editor ? 'html-active' : 'tmce-active'; $wrap_class = 'wp-core-ui wp-editor-wrap ' . $switch_class; if ( $set['_content_editor_dfw'] ) { $wrap_class .= ' has-dfw'; } echo '<div id="wp-' . $editor_id_attr . '-wrap" class="' . $wrap_class . '">'; if ( self::$editor_buttons_css ) { wp_print_styles( 'editor-buttons' ); self::$editor_buttons_css = false; } if ( ! empty( $set['editor_css'] ) ) { echo $set['editor_css'] . "\n"; } if ( ! empty( $buttons ) || $set['media_buttons'] ) { echo '<div id="wp-' . $editor_id_attr . '-editor-tools" class="wp-editor-tools hide-if-no-js">'; if ( $set['media_buttons'] ) { self::$has_medialib = true; if ( ! function_exists( 'media_buttons' ) ) { require ABSPATH . 'wp-admin/includes/media.php'; } echo '<div id="wp-' . $editor_id_attr . '-media-buttons" class="wp-media-buttons">'; /** * Fires after the default media button(s) are displayed. * * @since 2.5.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. */ do_action( 'media_buttons', $editor_id ); echo "</div>\n"; } echo '<div class="wp-editor-tabs">' . $buttons . "</div>\n"; echo "</div>\n"; } $quicktags_toolbar = ''; if ( self::$this_quicktags ) { if ( 'content' === $editor_id && ! empty( $GLOBALS['current_screen'] ) && 'post' === $GLOBALS['current_screen']->base ) { $toolbar_id = 'ed_toolbar'; } else { $toolbar_id = 'qt_' . $editor_id_attr . '_toolbar'; } $quicktags_toolbar = '<div id="' . $toolbar_id . '" class="quicktags-toolbar hide-if-no-js"></div>'; } /** * Filters the HTML markup output that displays the editor. * * @since 2.1.0 * * @param string $output Editor's HTML markup. */ $the_editor = apply_filters( 'the_editor', '<div id="wp-' . $editor_id_attr . '-editor-container" class="wp-editor-container">' . $quicktags_toolbar . '<textarea' . $editor_class . $height . $tabindex . $autocomplete . ' cols="40" name="' . esc_attr( $set['textarea_name'] ) . '" ' . 'id="' . $editor_id_attr . '">%s</textarea></div>' ); // Prepare the content for the Visual or Code editor, only when TinyMCE is used (back-compat). if ( self::$this_tinymce ) { add_filter( 'the_editor_content', 'format_for_editor', 10, 2 ); } /** * Filters the default editor content. * * @since 2.1.0 * * @param string $content Default editor content. * @param string $default_editor The default editor for the current user. * Either 'html' or 'tinymce'. */ $content = apply_filters( 'the_editor_content', $content, $default_editor ); // Remove the filter as the next editor on the same page may not need it. if ( self::$this_tinymce ) { remove_filter( 'the_editor_content', 'format_for_editor' ); } // Back-compat for the `htmledit_pre` and `richedit_pre` filters. if ( 'html' === $default_editor && has_filter( 'htmledit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'htmledit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } elseif ( 'tinymce' === $default_editor && has_filter( 'richedit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'richedit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } if ( false !== stripos( $content, 'textarea' ) ) { $content = preg_replace( '%</textarea%i', '</textarea', $content ); } printf( $the_editor, $content ); echo "\n</div>\n\n"; self::editor_settings( $editor_id, $set ); } /** * @since 3.3.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. * @param array $set Array of editor arguments. */ public static function editor_settings( $editor_id, $set ) { if ( empty( self::$first_init ) ) { if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } } if ( self::$this_quicktags ) { $qt_init = array( 'id' => $editor_id, 'buttons' => '', ); if ( is_array( $set['quicktags'] ) ) { $qt_init = array_merge( $qt_init, $set['quicktags'] ); } if ( empty( $qt_init['buttons'] ) ) { $qt_init['buttons'] = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close'; } if ( $set['_content_editor_dfw'] ) { $qt_init['buttons'] .= ',dfw'; } /** * Filters the Quicktags settings. * * @since 3.3.0 * * @param array $qt_init Quicktags settings. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $qt_init = apply_filters( 'quicktags_settings', $qt_init, $editor_id ); self::$qt_settings[ $editor_id ] = $qt_init; self::$qt_buttons = array_merge( self::$qt_buttons, explode( ',', $qt_init['buttons'] ) ); } if ( self::$this_tinymce ) { if ( empty( self::$first_init ) ) { $baseurl = self::get_baseurl(); $mce_locale = self::get_mce_locale(); $ext_plugins = ''; if ( $set['teeny'] ) { /** * Filters the list of teenyMCE plugins. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of teenyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $plugins = apply_filters( 'teeny_mce_plugins', array( 'colorpicker', 'lists', 'fullscreen', 'image', 'wordpress', 'wpeditimage', 'wplink', ), $editor_id ); } else { /** * Filters the list of TinyMCE external plugins. * * The filter takes an associative array of external plugins for * TinyMCE in the form 'plugin_name' => 'url'. * * The url should be absolute, and should include the js filename * to be loaded. For example: * 'myplugin' => 'http://mysite.com/wp-content/plugins/myfolder/mce_plugin.js'. * * If the external plugin adds a button, it should be added with * one of the 'mce_buttons' filters. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $external_plugins An array of external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_external_plugins = apply_filters( 'mce_external_plugins', array(), $editor_id ); $plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); if ( ! self::$has_medialib ) { $plugins[] = 'image'; } /** * Filters the list of default TinyMCE plugins. * * The filter specifies which of the default plugins included * in WordPress should be added to the TinyMCE instance. * * @since 3.3.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of default TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $plugins = array_unique( apply_filters( 'tiny_mce_plugins', $plugins, $editor_id ) ); $key = array_search( 'spellchecker', $plugins, true ); if ( false !== $key ) { /* * Remove 'spellchecker' from the internal plugins if added with 'tiny_mce_plugins' filter to prevent errors. * It can be added with 'mce_external_plugins'. */ unset( $plugins[ $key ] ); } if ( ! empty( $mce_external_plugins ) ) { /** * Filters the translations loaded for external TinyMCE 3.x plugins. * * The filter takes an associative array ('plugin_name' => 'path') * where 'path' is the include path to the file. * * The language file should follow the same format as wp_mce_translation(), * and should define a variable ($strings) that holds all translated strings. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $translations Translations for external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_external_languages = apply_filters( 'mce_external_languages', array(), $editor_id ); $loaded_langs = array(); $strings = ''; if ( ! empty( $mce_external_languages ) ) { foreach ( $mce_external_languages as $name => $path ) { if ( @is_file( $path ) && @is_readable( $path ) ) { include_once $path; $ext_plugins .= $strings . "\n"; $loaded_langs[] = $name; } } } foreach ( $mce_external_plugins as $name => $url ) { if ( in_array( $name, $plugins, true ) ) { unset( $mce_external_plugins[ $name ] ); continue; } $url = set_url_scheme( $url ); $mce_external_plugins[ $name ] = $url; $plugurl = dirname( $url ); $strings = ''; // Try to load langs/[locale].js and langs/[locale]_dlg.js. if ( ! in_array( $name, $loaded_langs, true ) ) { $path = str_replace( content_url(), '', $plugurl ); $path = realpath( WP_CONTENT_DIR . $path . '/langs/' ); if ( ! $path ) { continue; } $path = trailingslashit( $path ); if ( @is_file( $path . $mce_locale . '.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '.js' ) . "\n"; } if ( @is_file( $path . $mce_locale . '_dlg.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '_dlg.js' ) . "\n"; } if ( 'en' !== $mce_locale && empty( $strings ) ) { if ( @is_file( $path . 'en.js' ) ) { $str1 = @file_get_contents( $path . 'en.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n"; } if ( @is_file( $path . 'en_dlg.js' ) ) { $str2 = @file_get_contents( $path . 'en_dlg.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n"; } } if ( ! empty( $strings ) ) { $ext_plugins .= "\n" . $strings . "\n"; } } $ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n"; } } } self::$plugins = $plugins; self::$ext_plugins = $ext_plugins; $settings = self::default_settings(); $settings['plugins'] = implode( ',', $plugins ); if ( ! empty( $mce_external_plugins ) ) { $settings['external_plugins'] = wp_json_encode( $mce_external_plugins ); } /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $settings['wpeditimage_disable_captions'] = true; } $mce_css = $settings['content_css']; /* * The `editor-style.css` added by the theme is generally intended for the editor instance on the Edit Post screen. * Plugins that use wp_editor() on the front-end can decide whether to add the theme stylesheet * by using `get_editor_stylesheets()` and the `mce_css` or `tiny_mce_before_init` filters, see below. */ if ( is_admin() ) { $editor_styles = get_editor_stylesheets(); if ( ! empty( $editor_styles ) ) { // Force urlencoding of commas. foreach ( $editor_styles as $key => $url ) { if ( str_contains( $url, ',' ) ) { $editor_styles[ $key ] = str_replace( ',', '%2C', $url ); } } $mce_css .= ',' . implode( ',', $editor_styles ); } } /** * Filters the comma-delimited list of stylesheets to load in TinyMCE. * * @since 2.1.0 * * @param string $stylesheets Comma-delimited list of stylesheets. */ $mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' ); if ( ! empty( $mce_css ) ) { $settings['content_css'] = $mce_css; } else { unset( $settings['content_css'] ); } self::$first_init = $settings; } if ( $set['teeny'] ) { $mce_buttons = array( 'bold', 'italic', 'underline', 'blockquote', 'strikethrough', 'bullist', 'numlist', 'alignleft', 'aligncenter', 'alignright', 'undo', 'redo', 'link', 'fullscreen', ); /** * Filters the list of teenyMCE buttons (Code tab). * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons An array of teenyMCE buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_buttons = apply_filters( 'teeny_mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array(); $mce_buttons_3 = array(); $mce_buttons_4 = array(); } else { $mce_buttons = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'wp_more', 'spellchecker', ); if ( ! wp_is_mobile() ) { if ( $set['_content_editor_dfw'] ) { $mce_buttons[] = 'wp_adv'; $mce_buttons[] = 'dfw'; } else { $mce_buttons[] = 'fullscreen'; $mce_buttons[] = 'wp_adv'; } } else { $mce_buttons[] = 'wp_adv'; } /** * Filters the first-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons First-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons = apply_filters( 'mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', ); if ( ! wp_is_mobile() ) { $mce_buttons_2[] = 'wp_help'; } /** * Filters the second-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_2 Second-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_2 = apply_filters( 'mce_buttons_2', $mce_buttons_2, $editor_id ); /** * Filters the third-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_3 Third-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_3 = apply_filters( 'mce_buttons_3', array(), $editor_id ); /** * Filters the fourth-row list of TinyMCE buttons (Visual tab). * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_4 Fourth-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_4 = apply_filters( 'mce_buttons_4', array(), $editor_id ); } $body_class = $editor_id; $post = get_post(); if ( $post ) { $body_class .= ' post-type-' . sanitize_html_class( $post->post_type ) . ' post-status-' . sanitize_html_class( $post->post_status ); if ( post_type_supports( $post->post_type, 'post-formats' ) ) { $post_format = get_post_format( $post ); if ( $post_format && ! is_wp_error( $post_format ) ) { $body_class .= ' post-format-' . sanitize_html_class( $post_format ); } else { $body_class .= ' post-format-standard'; } } $page_template = get_page_template_slug( $post ); if ( false !== $page_template ) { $page_template = empty( $page_template ) ? 'default' : str_replace( '.', '-', basename( $page_template, '.php' ) ); $body_class .= ' page-template-' . sanitize_html_class( $page_template ); } } $body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); if ( ! empty( $set['tinymce']['body_class'] ) ) { $body_class .= ' ' . $set['tinymce']['body_class']; unset( $set['tinymce']['body_class'] ); } $mce_init = array( 'selector' => "#$editor_id", 'wpautop' => (bool) $set['wpautop'], 'indent' => ! $set['wpautop'], 'toolbar1' => implode( ',', $mce_buttons ), 'toolbar2' => implode( ',', $mce_buttons_2 ), 'toolbar3' => implode( ',', $mce_buttons_3 ), 'toolbar4' => implode( ',', $mce_buttons_4 ), 'tabfocus_elements' => $set['tabfocus_elements'], 'body_class' => $body_class, ); // Merge with the first part of the init array. $mce_init = array_merge( self::$first_init, $mce_init ); if ( is_array( $set['tinymce'] ) ) { $mce_init = array_merge( $mce_init, $set['tinymce'] ); } /* * For people who really REALLY know what they're doing with TinyMCE * You can modify $mceInit to add, remove, change elements of the config * before tinyMCE.init. Setting "valid_elements", "invalid_elements" * and "extended_valid_elements" can be done through this filter. Best * is to use the default cleanup by not specifying valid_elements, * as TinyMCE checks against the full set of HTML 5.0 elements and attributes. */ if ( $set['teeny'] ) { /** * Filters the teenyMCE config before init. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with teenyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_init = apply_filters( 'teeny_mce_before_init', $mce_init, $editor_id ); } else { /** * Filters the TinyMCE config before init. * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with TinyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_init = apply_filters( 'tiny_mce_before_init', $mce_init, $editor_id ); } if ( empty( $mce_init['toolbar3'] ) && ! empty( $mce_init['toolbar4'] ) ) { $mce_init['toolbar3'] = $mce_init['toolbar4']; $mce_init['toolbar4'] = ''; } self::$mce_settings[ $editor_id ] = $mce_init; } // End if self::$this_tinymce. } /** * @since 3.3.0 * * @param array $init * @return string */ private static function _parse_init( $init ) { $options = ''; foreach ( $init as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $options .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $options .= $key . ':' . $value . ','; continue; } $options .= $key . ':"' . $value . '",'; } return '{' . trim( $options, ' ,' ) . '}'; } /** * @since 3.3.0 * * @param bool $default_scripts Optional. Whether default scripts should be enqueued. Default false. */ public static function enqueue_scripts( $default_scripts = false ) { if ( $default_scripts || self::$has_tinymce ) { wp_enqueue_script( 'editor' ); } if ( $default_scripts || self::$has_quicktags ) { wp_enqueue_script( 'quicktags' ); wp_enqueue_style( 'buttons' ); } if ( $default_scripts || in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { wp_enqueue_script( 'wplink' ); wp_enqueue_script( 'jquery-ui-autocomplete' ); } if ( self::$has_medialib ) { add_thickbox(); wp_enqueue_script( 'media-upload' ); wp_enqueue_script( 'wp-embed' ); } elseif ( $default_scripts ) { wp_enqueue_script( 'media-upload' ); } /** * Fires when scripts and styles are enqueued for the editor. * * @since 3.9.0 * * @param array $to_load An array containing boolean values whether TinyMCE * and Quicktags are being loaded. */ do_action( 'wp_enqueue_editor', array( 'tinymce' => ( $default_scripts || self::$has_tinymce ), 'quicktags' => ( $default_scripts || self::$has_quicktags ), ) ); } /** * Enqueue all editor scripts. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function enqueue_default_editor() { // We are past the point where scripts can be enqueued properly. if ( did_action( 'wp_enqueue_editor' ) ) { return; } self::enqueue_scripts( true ); // Also add wp-includes/css/editor.css. wp_enqueue_style( 'editor-buttons' ); if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } } /** * Print (output) all editor scripts and default settings. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function print_default_editor_scripts() { $user_can_richedit = user_can_richedit(); if ( $user_can_richedit ) { $settings = self::default_settings(); $settings['toolbar1'] = 'bold,italic,bullist,numlist,link'; $settings['wpautop'] = false; $settings['indent'] = true; $settings['elementpath'] = false; if ( is_rtl() ) { $settings['directionality'] = 'rtl'; } /* * In production all plugins are loaded (they are in wp-editor.js.gz). * The 'wpview', 'wpdialogs', and 'media' TinyMCE plugins are not initialized by default. * Can be added from js by using the 'wp-before-tinymce-init' event. */ $settings['plugins'] = implode( ',', array( 'charmap', 'colorpicker', 'hr', 'lists', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wptextpattern', ) ); $settings = self::_parse_init( $settings ); } else { $settings = '{}'; } ?> <script type="text/javascript"> window.wp = window.wp || {}; window.wp.editor = window.wp.editor || {}; window.wp.editor.getDefaultSettings = function() { return { tinymce: <?php echo $settings; ?>, quicktags: { buttons: 'strong,em,link,ul,ol,li,code' } }; }; <?php if ( $user_can_richedit ) { $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); ?> var tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", mceInit: {}, qtInit: {}, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; <?php } ?> </script> <?php if ( $user_can_richedit ) { self::print_tinymce_scripts(); } /** * Fires when the editor scripts are loaded for later initialization, * after all scripts and settings are printed. * * @since 4.8.0 */ do_action( 'print_default_editor_scripts' ); self::wp_link_dialog(); } /** * Returns the TinyMCE locale. * * @since 4.8.0 * * @return string */ public static function get_mce_locale() { if ( empty( self::$mce_locale ) ) { $mce_locale = get_user_locale(); self::$mce_locale = empty( $mce_locale ) ? 'en' : strtolower( substr( $mce_locale, 0, 2 ) ); // ISO 639-1. } return self::$mce_locale; } /** * Returns the TinyMCE base URL. * * @since 4.8.0 * * @return string */ public static function get_baseurl() { if ( empty( self::$baseurl ) ) { self::$baseurl = includes_url( 'js/tinymce' ); } return self::$baseurl; } /** * Returns the default TinyMCE settings. * Doesn't include plugins, buttons, editor selector. * * @since 4.8.0 * * @global string $tinymce_version * * @return array */ private static function default_settings() { global $tinymce_version; $shortcut_labels = array(); foreach ( self::get_translation() as $name => $value ) { if ( is_array( $value ) ) { $shortcut_labels[ $name ] = $value[1]; } } $settings = array( 'theme' => 'modern', 'skin' => 'lightgray', 'language' => self::get_mce_locale(), 'formats' => '{' . 'alignleft: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"left"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignleft"}' . '],' . 'aligncenter: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"center"}},' . '{selector: "img,table,dl.wp-caption", classes: "aligncenter"}' . '],' . 'alignright: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"right"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignright"}' . '],' . 'strikethrough: {inline: "del"}' . '}', 'relative_urls' => false, 'remove_script_host' => false, 'convert_urls' => false, 'browser_spellcheck' => true, 'fix_list_elements' => true, 'entities' => '38,amp,60,lt,62,gt', 'entity_encoding' => 'raw', 'keep_styles' => false, 'cache_suffix' => 'wp-mce-' . $tinymce_version, 'resize' => 'vertical', 'menubar' => false, 'branding' => false, // Limit the preview styles in the menu/toolbar. 'preview_styles' => 'font-family font-size font-weight font-style text-decoration text-transform', 'end_container_on_empty_block' => true, 'wpeditimage_html5_captions' => true, 'wp_lang_attr' => get_bloginfo( 'language' ), 'wp_shortcut_labels' => wp_json_encode( $shortcut_labels ), ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $version = 'ver=' . get_bloginfo( 'version' ); // Default stylesheets. $settings['content_css'] = includes_url( "css/dashicons$suffix.css?$version" ) . ',' . includes_url( "js/tinymce/skins/wordpress/wp-content.css?$version" ); return $settings; } /** * @since 4.7.0 * * @return array */ private static function get_translation() { if ( empty( self::$translation ) ) { self::$translation = array( // Default TinyMCE strings. 'New document' => __( 'New document' ), 'Formats' => _x( 'Formats', 'TinyMCE' ), 'Headings' => _x( 'Headings', 'TinyMCE' ), 'Heading 1' => array( __( 'Heading 1' ), 'access1' ), 'Heading 2' => array( __( 'Heading 2' ), 'access2' ), 'Heading 3' => array( __( 'Heading 3' ), 'access3' ), 'Heading 4' => array( __( 'Heading 4' ), 'access4' ), 'Heading 5' => array( __( 'Heading 5' ), 'access5' ), 'Heading 6' => array( __( 'Heading 6' ), 'access6' ), /* translators: Block tags. */ 'Blocks' => _x( 'Blocks', 'TinyMCE' ), 'Paragraph' => array( __( 'Paragraph' ), 'access7' ), 'Blockquote' => array( __( 'Blockquote' ), 'accessQ' ), 'Div' => _x( 'Div', 'HTML tag' ), 'Pre' => _x( 'Pre', 'HTML tag' ), 'Preformatted' => _x( 'Preformatted', 'HTML tag' ), 'Address' => _x( 'Address', 'HTML tag' ), 'Inline' => _x( 'Inline', 'HTML elements' ), 'Underline' => array( __( 'Underline' ), 'metaU' ), 'Strikethrough' => array( __( 'Strikethrough' ), 'accessD' ), 'Subscript' => __( 'Subscript' ), 'Superscript' => __( 'Superscript' ), 'Clear formatting' => __( 'Clear formatting' ), 'Bold' => array( __( 'Bold' ), 'metaB' ), 'Italic' => array( __( 'Italic' ), 'metaI' ), 'Code' => array( __( 'Code' ), 'accessX' ), 'Source code' => __( 'Source code' ), 'Font Family' => __( 'Font Family' ), 'Font Sizes' => __( 'Font Sizes' ), 'Align center' => array( __( 'Align center' ), 'accessC' ), 'Align right' => array( __( 'Align right' ), 'accessR' ), 'Align left' => array( __( 'Align left' ), 'accessL' ), 'Justify' => array( __( 'Justify' ), 'accessJ' ), 'Increase indent' => __( 'Increase indent' ), 'Decrease indent' => __( 'Decrease indent' ), 'Cut' => array( __( 'Cut' ), 'metaX' ), 'Copy' => array( __( 'Copy' ), 'metaC' ), 'Paste' => array( __( 'Paste' ), 'metaV' ), 'Select all' => array( __( 'Select all' ), 'metaA' ), 'Undo' => array( __( 'Undo' ), 'metaZ' ), 'Redo' => array( __( 'Redo' ), 'metaY' ), 'Ok' => __( 'OK' ), 'Cancel' => __( 'Cancel' ), 'Close' => __( 'Close' ), 'Visual aids' => __( 'Visual aids' ), 'Bullet list' => array( __( 'Bulleted list' ), 'accessU' ), 'Numbered list' => array( __( 'Numbered list' ), 'accessO' ), 'Square' => _x( 'Square', 'list style' ), 'Default' => _x( 'Default', 'list style' ), 'Circle' => _x( 'Circle', 'list style' ), 'Disc' => _x( 'Disc', 'list style' ), 'Lower Greek' => _x( 'Lower Greek', 'list style' ), 'Lower Alpha' => _x( 'Lower Alpha', 'list style' ), 'Upper Alpha' => _x( 'Upper Alpha', 'list style' ), 'Upper Roman' => _x( 'Upper Roman', 'list style' ), 'Lower Roman' => _x( 'Lower Roman', 'list style' ), // Anchor plugin. 'Name' => _x( 'Name', 'Name of link anchor (TinyMCE)' ), 'Anchor' => _x( 'Anchor', 'Link anchor (TinyMCE)' ), 'Anchors' => _x( 'Anchors', 'Link anchors (TinyMCE)' ), 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' => __( 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' ), 'Id' => _x( 'Id', 'Id for link anchor (TinyMCE)' ), // Fullpage plugin. 'Document properties' => __( 'Document properties' ), 'Robots' => __( 'Robots' ), 'Title' => __( 'Title' ), 'Keywords' => __( 'Keywords' ), 'Encoding' => __( 'Encoding' ), 'Description' => __( 'Description' ), 'Author' => __( 'Author' ), // Media, image plugins. 'Image' => __( 'Image' ), 'Insert/edit image' => array( __( 'Insert/edit image' ), 'accessM' ), 'General' => __( 'General' ), 'Advanced' => __( 'Advanced' ), 'Source' => __( 'Source' ), 'Border' => __( 'Border' ), 'Constrain proportions' => __( 'Constrain proportions' ), 'Vertical space' => __( 'Vertical space' ), 'Image description' => __( 'Image description' ), 'Style' => __( 'Style' ), 'Dimensions' => __( 'Dimensions' ), 'Insert image' => __( 'Insert image' ), 'Date/time' => __( 'Date/time' ), 'Insert date/time' => __( 'Insert date/time' ), 'Table of Contents' => __( 'Table of Contents' ), 'Insert/Edit code sample' => __( 'Insert/edit code sample' ), 'Language' => __( 'Language' ), 'Media' => __( 'Media' ), 'Insert/edit media' => __( 'Insert/edit media' ), 'Poster' => __( 'Poster' ), 'Alternative source' => __( 'Alternative source' ), 'Paste your embed code below:' => __( 'Paste your embed code below:' ), 'Insert video' => __( 'Insert video' ), 'Embed' => __( 'Embed' ), // Each of these have a corresponding plugin. 'Special character' => __( 'Special character' ), 'Right to left' => _x( 'Right to left', 'editor button' ), 'Left to right' => _x( 'Left to right', 'editor button' ), 'Emoticons' => __( 'Emoticons' ), 'Nonbreaking space' => __( 'Nonbreaking space' ), 'Page break' => __( 'Page break' ), 'Paste as text' => __( 'Paste as text' ), 'Preview' => __( 'Preview' ), 'Print' => __( 'Print' ), 'Save' => __( 'Save' ), 'Fullscreen' => __( 'Fullscreen' ), 'Horizontal line' => __( 'Horizontal line' ), 'Horizontal space' => __( 'Horizontal space' ), 'Restore last draft' => __( 'Restore last draft' ), 'Insert/edit link' => array( __( 'Insert/edit link' ), 'metaK' ), 'Remove link' => array( __( 'Remove link' ), 'accessS' ), // Link plugin. 'Link' => __( 'Link' ), 'Insert link' => __( 'Insert link' ), 'Target' => __( 'Target' ), 'New window' => __( 'New window' ), 'Text to display' => __( 'Text to display' ), 'Url' => __( 'URL' ), 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' => __( 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' ), 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' => __( 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' ), 'Color' => __( 'Color' ), 'Custom color' => __( 'Custom color' ), 'Custom...' => _x( 'Custom...', 'label for custom color' ), // No ellipsis. 'No color' => __( 'No color' ), 'R' => _x( 'R', 'Short for red in RGB' ), 'G' => _x( 'G', 'Short for green in RGB' ), 'B' => _x( 'B', 'Short for blue in RGB' ), // Spelling, search/replace plugins. 'Could not find the specified string.' => __( 'Could not find the specified string.' ), 'Replace' => _x( 'Replace', 'find/replace' ), 'Next' => _x( 'Next', 'find/replace' ), /* translators: Previous. */ 'Prev' => _x( 'Prev', 'find/replace' ), 'Whole words' => _x( 'Whole words', 'find/replace' ), 'Find and replace' => __( 'Find and replace' ), 'Replace with' => _x( 'Replace with', 'find/replace' ), 'Find' => _x( 'Find', 'find/replace' ), 'Replace all' => _x( 'Replace all', 'find/replace' ), 'Match case' => __( 'Match case' ), 'Spellcheck' => __( 'Check Spelling' ), 'Finish' => _x( 'Finish', 'spellcheck' ), 'Ignore all' => _x( 'Ignore all', 'spellcheck' ), 'Ignore' => _x( 'Ignore', 'spellcheck' ), 'Add to Dictionary' => __( 'Add to Dictionary' ), // TinyMCE tables. 'Insert table' => __( 'Insert table' ), 'Delete table' => __( 'Delete table' ), 'Table properties' => __( 'Table properties' ), 'Row properties' => __( 'Table row properties' ), 'Cell properties' => __( 'Table cell properties' ), 'Border color' => __( 'Border color' ), 'Row' => __( 'Row' ), 'Rows' => __( 'Rows' ), 'Column' => __( 'Column' ), 'Cols' => __( 'Columns' ), 'Cell' => _x( 'Cell', 'table cell' ), 'Header cell' => __( 'Header cell' ), 'Header' => _x( 'Header', 'table header' ), 'Body' => _x( 'Body', 'table body' ), 'Footer' => _x( 'Footer', 'table footer' ), 'Insert row before' => __( 'Insert row before' ), 'Insert row after' => __( 'Insert row after' ), 'Insert column before' => __( 'Insert column before' ), 'Insert column after' => __( 'Insert column after' ), 'Paste row before' => __( 'Paste table row before' ), 'Paste row after' => __( 'Paste table row after' ), 'Delete row' => __( 'Delete row' ), 'Delete column' => __( 'Delete column' ), 'Cut row' => __( 'Cut table row' ), 'Copy row' => __( 'Copy table row' ), 'Merge cells' => __( 'Merge table cells' ), 'Split cell' => __( 'Split table cell' ), 'Height' => __( 'Height' ), 'Width' => __( 'Width' ), 'Caption' => __( 'Caption' ), 'Alignment' => __( 'Alignment' ), 'H Align' => _x( 'H Align', 'horizontal table cell alignment' ), 'Left' => __( 'Left' ), 'Center' => __( 'Center' ), 'Right' => __( 'Right' ), 'None' => _x( 'None', 'table cell alignment attribute' ), 'V Align' => _x( 'V Align', 'vertical table cell alignment' ), 'Top' => __( 'Top' ), 'Middle' => __( 'Middle' ), 'Bottom' => __( 'Bottom' ), 'Row group' => __( 'Row group' ), 'Column group' => __( 'Column group' ), 'Row type' => __( 'Row type' ), 'Cell type' => __( 'Cell type' ), 'Cell padding' => __( 'Cell padding' ), 'Cell spacing' => __( 'Cell spacing' ), 'Scope' => _x( 'Scope', 'table cell scope attribute' ), 'Insert template' => _x( 'Insert template', 'TinyMCE' ), 'Templates' => _x( 'Templates', 'TinyMCE' ), 'Background color' => __( 'Background color' ), 'Text color' => __( 'Text color' ), 'Show blocks' => _x( 'Show blocks', 'editor button' ), 'Show invisible characters' => __( 'Show invisible characters' ), /* translators: Word count. */ 'Words: {0}' => sprintf( __( 'Words: %s' ), '{0}' ), 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' => __( 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' ) . "\n\n" . __( 'If you are looking to paste rich content from Microsoft Word, try turning this option off. The editor will clean up text pasted from Word automatically.' ), 'Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help' => __( 'Rich Text Area. Press Alt-Shift-H for help.' ), 'Rich Text Area. Press Control-Option-H for help.' => __( 'Rich Text Area. Press Control-Option-H for help.' ), 'You have unsaved changes are you sure you want to navigate away?' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'Your browser doesn\'t support direct access to the clipboard. Please use the Ctrl+X/C/V keyboard shortcuts instead.' => __( 'Your browser does not support direct access to the clipboard. Please use keyboard shortcuts or your browser’s edit menu instead.' ), // TinyMCE menus. 'Insert' => _x( 'Insert', 'TinyMCE menu' ), 'File' => _x( 'File', 'TinyMCE menu' ), 'Edit' => _x( 'Edit', 'TinyMCE menu' ), 'Tools' => _x( 'Tools', 'TinyMCE menu' ), 'View' => _x( 'View', 'TinyMCE menu' ), 'Table' => _x( 'Table', 'TinyMCE menu' ), 'Format' => _x( 'Format', 'TinyMCE menu' ), // WordPress strings. 'Toolbar Toggle' => array( __( 'Toolbar Toggle' ), 'accessZ' ), 'Insert Read More tag' => array( __( 'Insert Read More tag' ), 'accessT' ), 'Insert Page Break tag' => array( __( 'Insert Page Break tag' ), 'accessP' ), 'Read more...' => __( 'Read more...' ), // Title on the placeholder inside the editor (no ellipsis). 'Distraction-free writing mode' => array( __( 'Distraction-free writing mode' ), 'accessW' ), 'No alignment' => __( 'No alignment' ), // Tooltip for the 'alignnone' button in the image toolbar. 'Remove' => __( 'Remove' ), // Tooltip for the 'remove' button in the image toolbar. 'Edit|button' => __( 'Edit' ), // Tooltip for the 'edit' button in the image toolbar. 'Paste URL or type to search' => __( 'Paste URL or type to search' ), // Placeholder for the inline link dialog. 'Apply' => __( 'Apply' ), // Tooltip for the 'apply' button in the inline link dialog. 'Link options' => __( 'Link options' ), // Tooltip for the 'link options' button in the inline link dialog. 'Visual' => _x( 'Visual', 'Name for the Visual editor tab' ), // Editor switch tab label. 'Code|tab' => _x( 'Code', 'Name for the Code editor tab (formerly Text)' ), // Editor switch tab label. 'Add Media' => array( __( 'Add Media' ), 'accessM' ), // Tooltip for the 'Add Media' button in the block editor Classic block. // Shortcuts help modal. 'Keyboard Shortcuts' => array( __( 'Keyboard Shortcuts' ), 'accessH' ), 'Classic Block Keyboard Shortcuts' => __( 'Classic Block Keyboard Shortcuts' ), 'Default shortcuts,' => __( 'Default shortcuts,' ), 'Additional shortcuts,' => __( 'Additional shortcuts,' ), 'Focus shortcuts:' => __( 'Focus shortcuts:' ), 'Inline toolbar (when an image, link or preview is selected)' => __( 'Inline toolbar (when an image, link or preview is selected)' ), 'Editor menu (when enabled)' => __( 'Editor menu (when enabled)' ), 'Editor toolbar' => __( 'Editor toolbar' ), 'Elements path' => __( 'Elements path' ), 'Ctrl + Alt + letter:' => __( 'Ctrl + Alt + letter:' ), 'Shift + Alt + letter:' => __( 'Shift + Alt + letter:' ), 'Cmd + letter:' => __( 'Cmd + letter:' ), 'Ctrl + letter:' => __( 'Ctrl + letter:' ), 'Letter' => __( 'Letter' ), 'Action' => __( 'Action' ), 'Warning: the link has been inserted but may have errors. Please test it.' => __( 'Warning: the link has been inserted but may have errors. Please test it.' ), 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' => __( 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' ), 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' => __( 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' ), 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' => __( 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' ), 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' => __( 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' ), ); } /* Imagetools plugin (not included): 'Edit image' => __( 'Edit image' ), 'Image options' => __( 'Image options' ), 'Back' => __( 'Back' ), 'Invert' => __( 'Invert' ), 'Flip horizontally' => __( 'Flip horizontal' ), 'Flip vertically' => __( 'Flip vertical' ), 'Crop' => __( 'Crop' ), 'Orientation' => __( 'Orientation' ), 'Resize' => __( 'Resize' ), 'Rotate clockwise' => __( 'Rotate right' ), 'Rotate counterclockwise' => __( 'Rotate left' ), 'Sharpen' => __( 'Sharpen' ), 'Brightness' => __( 'Brightness' ), 'Color levels' => __( 'Color levels' ), 'Contrast' => __( 'Contrast' ), 'Gamma' => __( 'Gamma' ), 'Zoom in' => __( 'Zoom in' ), 'Zoom out' => __( 'Zoom out' ), */ return self::$translation; } /** * Translates the default TinyMCE strings and returns them as JSON encoded object ready to be loaded with tinymce.addI18n(), * or as JS snippet that should run after tinymce.js is loaded. * * @since 3.9.0 * * @param string $mce_locale The locale used for the editor. * @param bool $json_only Optional. Whether to include the JavaScript calls to tinymce.addI18n() and * tinymce.ScriptLoader.markDone(). Default false. * @return string Translation object, JSON encoded. */ public static function wp_mce_translation( $mce_locale = '', $json_only = false ) { if ( ! $mce_locale ) { $mce_locale = self::get_mce_locale(); } $mce_translation = self::get_translation(); foreach ( $mce_translation as $name => $value ) { if ( is_array( $value ) ) { $mce_translation[ $name ] = $value[0]; } } /** * Filters translated strings prepared for TinyMCE. * * @since 3.9.0 * * @param array $mce_translation Key/value pairs of strings. * @param string $mce_locale Locale. */ $mce_translation = apply_filters( 'wp_mce_translation', $mce_translation, $mce_locale ); foreach ( $mce_translation as $key => $value ) { // Remove strings that are not translated. if ( $key === $value ) { unset( $mce_translation[ $key ] ); continue; } if ( str_contains( $value, '&' ) ) { $mce_translation[ $key ] = html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } } // Set direction. if ( is_rtl() ) { $mce_translation['_dir'] = 'rtl'; } if ( $json_only ) { return wp_json_encode( $mce_translation ); } $baseurl = self::get_baseurl(); return "tinymce.addI18n( '$mce_locale', " . wp_json_encode( $mce_translation ) . ");\n" . "tinymce.ScriptLoader.markDone( '$baseurl/langs/$mce_locale.js' );\n"; } /** * Force uncompressed TinyMCE when a custom theme has been defined. * * The compressed TinyMCE file cannot deal with custom themes, so this makes * sure that WordPress uses the uncompressed TinyMCE file if a theme is defined. * Even if the website is running on a production environment. * * @since 5.0.0 */ public static function force_uncompressed_tinymce() { $has_custom_theme = false; foreach ( self::$mce_settings as $init ) { if ( ! empty( $init['theme_url'] ) ) { $has_custom_theme = true; break; } } if ( ! $has_custom_theme ) { return; } $wp_scripts = wp_scripts(); $wp_scripts->remove( 'wp-tinymce' ); wp_register_tinymce_scripts( $wp_scripts, true ); } /** * Print (output) the main TinyMCE scripts. * * @since 4.8.0 * * @global bool $concatenate_scripts */ public static function print_tinymce_scripts() { global $concatenate_scripts; if ( self::$tinymce_scripts_printed ) { return; } self::$tinymce_scripts_printed = true; if ( ! isset( $concatenate_scripts ) ) { script_concat_settings(); } wp_print_scripts( array( 'wp-tinymce' ) ); echo "<script type='text/javascript'>\n" . self::wp_mce_translation() . "</script>\n"; } /** * Print (output) the TinyMCE configuration and initialization scripts. * * @since 3.3.0 * * @global string $tinymce_version */ public static function editor_js() { global $tinymce_version; $tmce_on = ! empty( self::$mce_settings ); $mce_init = ''; $qt_init = ''; if ( $tmce_on ) { foreach ( self::$mce_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $mce_init .= "'$editor_id':{$options},"; } $mce_init = '{' . trim( $mce_init, ',' ) . '}'; } else { $mce_init = '{}'; } if ( ! empty( self::$qt_settings ) ) { foreach ( self::$qt_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $qt_init .= "'$editor_id':{$options},"; } $qt_init = '{' . trim( $qt_init, ',' ) . '}'; } else { $qt_init = '{}'; } $ref = array( 'plugins' => implode( ',', self::$plugins ), 'theme' => 'modern', 'language' => self::$mce_locale, ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); $version = 'ver=' . $tinymce_version; /** * Fires immediately before the TinyMCE settings are printed. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'before_wp_tiny_mce', self::$mce_settings ); ?> <script type="text/javascript"> tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", <?php if ( self::$drag_drop_upload ) { echo 'dragDropUpload: true,'; } ?> mceInit: <?php echo $mce_init; ?>, qtInit: <?php echo $qt_init; ?>, ref: <?php echo self::_parse_init( $ref ); ?>, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; </script> <?php if ( $tmce_on ) { self::print_tinymce_scripts(); if ( self::$ext_plugins ) { // Load the old-format English strings to prevent unsightly labels in old style popups. echo "<script type='text/javascript' src='{$baseurl}/langs/wp-langs-en.js?$version'></script>\n"; } } /** * Fires after tinymce.js is loaded, but before any TinyMCE editor * instances are created. * * @since 3.9.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'wp_tiny_mce_init', self::$mce_settings ); ?> <script type="text/javascript"> <?php if ( self::$ext_plugins ) { echo self::$ext_plugins . "\n"; } if ( ! is_admin() ) { echo 'var ajaxurl = "' . admin_url( 'admin-ajax.php', 'relative' ) . '";'; } ?> ( function() { var initialized = []; var initialize = function() { var init, id, inPostbox, $wrap; var readyState = document.readyState; if ( readyState !== 'complete' && readyState !== 'interactive' ) { return; } for ( id in tinyMCEPreInit.mceInit ) { if ( initialized.indexOf( id ) > -1 ) { continue; } init = tinyMCEPreInit.mceInit[id]; $wrap = tinymce.$( '#wp-' + id + '-wrap' ); inPostbox = $wrap.parents( '.postbox' ).length > 0; if ( ! init.wp_skip_init && ( $wrap.hasClass( 'tmce-active' ) || ! tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) && ( readyState === 'complete' || ( ! inPostbox && readyState === 'interactive' ) ) ) { tinymce.init( init ); initialized.push( id ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } } if ( typeof tinymce !== 'undefined' ) { if ( tinymce.Env.ie && tinymce.Env.ie < 11 ) { tinymce.$( '.wp-editor-wrap ' ).removeClass( 'tmce-active' ).addClass( 'html-active' ); } else { if ( document.readyState === 'complete' ) { initialize(); } else { document.addEventListener( 'readystatechange', initialize ); } } } if ( typeof quicktags !== 'undefined' ) { for ( id in tinyMCEPreInit.qtInit ) { quicktags( tinyMCEPreInit.qtInit[id] ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } }()); </script> <?php if ( in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { self::wp_link_dialog(); } /** * Fires after any core TinyMCE editor instances are created. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'after_wp_tiny_mce', self::$mce_settings ); } /** * Outputs the HTML for distraction-free writing mode. * * @since 3.2.0 * @deprecated 4.3.0 */ public static function wp_fullscreen_html() { _deprecated_function( __FUNCTION__, '4.3.0' ); } /** * Performs post queries for internal linking. * * @since 3.1.0 * * @param array $args { * Optional. Array of link query arguments. * * @type int $pagenum Page number. Default 1. * @type string $s Search keywords. * } * @return array|false $results { * An array of associative arrays of query results, false if there are none. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } */ public static function wp_link_query( $args = array() ) { $pts = get_post_types( array( 'public' => true ), 'objects' ); $pt_names = array_keys( $pts ); $query = array( 'post_type' => $pt_names, 'suppress_filters' => true, 'update_post_term_cache' => false, 'update_post_meta_cache' => false, 'post_status' => 'publish', 'posts_per_page' => 20, ); $args['pagenum'] = isset( $args['pagenum'] ) ? absint( $args['pagenum'] ) : 1; if ( isset( $args['s'] ) ) { $query['s'] = $args['s']; } $query['offset'] = $args['pagenum'] > 1 ? $query['posts_per_page'] * ( $args['pagenum'] - 1 ) : 0; /** * Filters the link query arguments. * * Allows modification of the link query arguments before querying. * * @see WP_Query for a full list of arguments * * @since 3.7.0 * * @param array $query An array of WP_Query arguments. */ $query = apply_filters( 'wp_link_query_args', $query ); // Do main query. $get_posts = new WP_Query(); $posts = $get_posts->query( $query ); // Build results. $results = array(); foreach ( $posts as $post ) { if ( 'post' === $post->post_type ) { $info = mysql2date( __( 'Y/m/d' ), $post->post_date ); } else { $info = $pts[ $post->post_type ]->labels->singular_name; } $results[] = array( 'ID' => $post->ID, 'title' => trim( esc_html( strip_tags( get_the_title( $post ) ) ) ), 'permalink' => get_permalink( $post->ID ), 'info' => $info, ); } /** * Filters the link query results. * * Allows modification of the returned link query results. * * @since 3.7.0 * * @see 'wp_link_query_args' filter * * @param array $results { * An array of associative arrays of query results. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } * @param array $query An array of WP_Query arguments. */ $results = apply_filters( 'wp_link_query', $results, $query ); return ! empty( $results ) ? $results : false; } /** * Dialog for internal linking. * * @since 3.1.0 */ public static function wp_link_dialog() { // Run once. if ( self::$link_dialog_printed ) { return; } self::$link_dialog_printed = true; // `display: none` is required here, see #WP27605. ?> <div id="wp-link-backdrop" style="display: none"></div> <div id="wp-link-wrap" class="wp-core-ui" style="display: none" role="dialog" aria-modal="true" aria-labelledby="link-modal-title"> <form id="wp-link" tabindex="-1"> <?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?> <h1 id="link-modal-title"><?php _e( 'Insert/edit link' ); ?></h1> <button type="button" id="wp-link-close"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Close' ); ?> </span></button> <div id="link-selector"> <div id="link-options"> <p class="howto" id="wplink-enter-url"><?php _e( 'Enter the destination URL' ); ?></p> <div> <label><span><?php _e( 'URL' ); ?></span> <input id="wp-link-url" type="text" aria-describedby="wplink-enter-url" /></label> </div> <div class="wp-link-text-field"> <label><span><?php _e( 'Link Text' ); ?></span> <input id="wp-link-text" type="text" /></label> </div> <div class="link-target"> <label><span></span> <input type="checkbox" id="wp-link-target" /> <?php _e( 'Open link in a new tab' ); ?></label> </div> </div> <p class="howto" id="wplink-link-existing-content"><?php _e( 'Or link to existing content' ); ?></p> <div id="search-panel"> <div class="link-search-wrapper"> <label> <span class="search-label"><?php _e( 'Search' ); ?></span> <input type="search" id="wp-link-search" class="link-search-field" autocomplete="off" aria-describedby="wplink-link-existing-content" /> <span class="spinner"></span> </label> </div> <div id="search-results" class="query-results" tabindex="0"> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> <div id="most-recent-results" class="query-results" tabindex="0"> <div class="query-notice" id="query-notice-message"> <em class="query-notice-default"><?php _e( 'No search term specified. Showing recent items.' ); ?></em> <em class="query-notice-hint screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Search or use up and down arrow keys to select an item.' ); ?> </em> </div> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> </div> </div> <div class="submitbox"> <div id="wp-link-cancel"> <button type="button" class="button"><?php _e( 'Cancel' ); ?></button> </div> <div id="wp-link-update"> <input type="submit" value="<?php esc_attr_e( 'Add Link' ); ?>" class="button button-primary" id="wp-link-submit" name="wp-link-submit"> </div> </div> </form> </div> <?php } } HTTP/functions.wp-scripts-20260605094328.php 0000666 00000035717 15226703613 0013600 0 ustar 00 <?php /** * Dependencies API: Scripts functions * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Initializes $wp_scripts if it has not been set. * * @since 4.2.0 * * @global WP_Scripts $wp_scripts * * @return WP_Scripts WP_Scripts instance. */ function wp_scripts() { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { $wp_scripts = new WP_Scripts(); } return $wp_scripts; } /** * Helper function to output a _doing_it_wrong message when applicable. * * @ignore * @since 4.2.0 * @since 5.5.0 Added the `$handle` parameter. * * @param string $function_name Function name. * @param string $handle Optional. Name of the script or stylesheet that was * registered or enqueued too early. Default empty. */ function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) { if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' ) || did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' ) ) { return; } $message = sprintf( /* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */ __( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ), '<code>wp_enqueue_scripts</code>', '<code>admin_enqueue_scripts</code>', '<code>login_enqueue_scripts</code>' ); if ( $handle ) { $message .= ' ' . sprintf( /* translators: %s: Name of the script or stylesheet. */ __( 'This notice was triggered by the %s handle.' ), '<code>' . $handle . '</code>' ); } _doing_it_wrong( $function_name, $message, '3.3.0' ); } /** * Prints scripts in document head that are in the $handles queue. * * Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load, * the function does not instantiate the WP_Scripts object unless script names are explicitly passed. * Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'} * hook to register/enqueue new scripts. * * @see WP_Scripts::do_item() * @since 2.1.0 * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'. * @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array. */ function wp_print_scripts( $handles = false ) { global $wp_scripts; /** * Fires before scripts in the $handles queue are printed. * * @since 2.1.0 */ do_action( 'wp_print_scripts' ); if ( '' === $handles ) { // For 'wp_head'. $handles = false; } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__ ); if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { if ( ! $handles ) { return array(); // No need to instantiate if nothing is there. } } return wp_scripts()->do_items( $handles ); } /** * Adds extra code to a registered script. * * Code will only be added if the script is already in the queue. * Accepts a string `$data` containing the code. If two or more code blocks * are added to the same script `$handle`, they will be printed in the order * they were added, i.e. the latter added code can redeclare the previous. * * @since 4.5.0 * * @see WP_Scripts::add_inline_script() * * @param string $handle Name of the script to add the inline script to. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script before the handle * or after. Default 'after'. * @return bool True on success, false on failure. */ function wp_add_inline_script( $handle, $data, $position = 'after' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); if ( false !== stripos( $data, '</script>' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: <script>, 2: wp_add_inline_script() */ __( 'Do not pass %1$s tags to %2$s.' ), '<code><script></code>', '<code>wp_add_inline_script()</code>' ), '4.5.0' ); $data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) ); } return wp_scripts()->add_inline_script( $handle, $data, $position ); } /** * Registers a new script. * * Registers a script to be enqueued later using the wp_enqueue_script() function. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * * @since 2.1.0 * @since 4.3.0 A return value was added. * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory. * If source is set to false, script is an alias of other scripts it depends on. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } * @return bool Whether the script has been registered. True on success, false on failure. */ function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) { if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); $registered = $wp_scripts->add( $handle, $src, $deps, $ver ); if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $handle, 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $handle, 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] ); } return $registered; } /** * Localizes a script. * * Works only if the script has already been registered. * * Accepts an associative array `$l10n` and creates a JavaScript object: * * "$object_name": { * key: value, * key: value, * ... * } * * @see WP_Scripts::localize() * @link https://core.trac.wordpress.org/ticket/11520 * * @since 2.2.0 * * @todo Documentation cleanup * * @param string $handle Script handle the data will be attached to. * @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable. * Example: '/[a-zA-Z0-9_]+/'. * @param array $l10n The data itself. The data can be either a single or multi-dimensional array. * @return bool True if the script was successfully localized, false otherwise. */ function wp_localize_script( $handle, $object_name, $l10n ) { $wp_scripts = wp_scripts(); return $wp_scripts->localize( $handle, $object_name, $l10n ); } /** * Sets translated strings for a script. * * Works only if the script has already been registered. * * @see WP_Scripts::set_translations() * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string $handle Script handle the textdomain will be attached to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was successfully localized, false otherwise. */ function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return false; } return $wp_scripts->set_translations( $handle, $domain, $path ); } /** * Removes a registered script. * * Note: there are intentional safeguards in place to prevent critical admin scripts, * such as jQuery core, from being unregistered. * * @see WP_Dependencies::remove() * * @since 2.1.0 * * @global string $pagenow The filename of the current screen. * * @param string $handle Name of the script to be removed. */ function wp_deregister_script( $handle ) { global $pagenow; _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); /** * Do not allow accidental or negligent de-registering of critical scripts in the admin. * Show minimal remorse if the correct hook is used. */ $current_filter = current_filter(); if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) || ( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter ) ) { $not_allowed = array( 'jquery', 'jquery-core', 'jquery-migrate', 'jquery-ui-core', 'jquery-ui-accordion', 'jquery-ui-autocomplete', 'jquery-ui-button', 'jquery-ui-datepicker', 'jquery-ui-dialog', 'jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-menu', 'jquery-ui-mouse', 'jquery-ui-position', 'jquery-ui-progressbar', 'jquery-ui-resizable', 'jquery-ui-selectable', 'jquery-ui-slider', 'jquery-ui-sortable', 'jquery-ui-spinner', 'jquery-ui-tabs', 'jquery-ui-tooltip', 'jquery-ui-widget', 'underscore', 'backbone', ); if ( in_array( $handle, $not_allowed, true ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: Script name, 2: wp_enqueue_scripts */ __( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ), "<code>$handle</code>", '<code>wp_enqueue_scripts</code>' ), '3.6.0' ); return; } } wp_scripts()->remove( $handle ); } /** * Enqueues a script. * * Registers the script if `$src` provided (does NOT overwrite), and enqueues it. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * @see WP_Dependencies::enqueue() * * @since 2.1.0 * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string $src Full URL of the script, or path of the script relative to the WordPress root directory. * Default empty. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } */ function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); if ( $src || ! empty( $args ) ) { $_handle = explode( '?', $handle ); if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } if ( $src ) { $wp_scripts->add( $_handle[0], $src, $deps, $ver ); } if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $_handle[0], 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] ); } } $wp_scripts->enqueue( $handle ); } /** * Removes a previously enqueued script. * * @see WP_Dependencies::dequeue() * * @since 3.1.0 * * @param string $handle Name of the script to be removed. */ function wp_dequeue_script( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_scripts()->dequeue( $handle ); } /** * Determines whether a script has been added to the queue. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * @since 3.5.0 'enqueued' added as an alias of the 'queue' list. * * @param string $handle Name of the script. * @param string $status Optional. Status of the script to check. Default 'enqueued'. * Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'. * @return bool Whether the script is queued. */ function wp_script_is( $handle, $status = 'enqueued' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return (bool) wp_scripts()->query( $handle, $status ); } /** * Adds metadata to a script. * * Works only if the script has already been registered. * * Possible values for $key and $value: * 'strategy' string 'defer' or 'async'. * * @since 4.2.0 * @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'. * * @see WP_Dependencies::add_data() * * @param string $handle Name of the script. * @param string $key Name of data point for which we're storing a value. * @param mixed $value String containing the data to be added. * @return bool True on success, false on failure. */ function wp_script_add_data( $handle, $key, $value ) { return wp_scripts()->add_data( $handle, $key, $value ); } HTTP/class-wp-theme-json.php 0000666 00000500773 15226703613 0011661 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/https-detection-20260605221903.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605212936-20260607161930.php 0000666 00000013341 15226703613 0014146 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606092458.php 0000666 00000013341 15226703613 0012564 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605160218-20260610053450.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606102911.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605211618-20260606065255.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183407.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606183054.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605080418-20260615095508.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172034-20260610014226.php 0000666 00000011205 15226703613 0014135 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183311-20260609204638.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607003229-20260609061535.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606132041.php 0000666 00000013341 15226703613 0012543 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606054002.php 0000666 00000013341 15226703613 0012543 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606064430-20260608113414.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606085143.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606092011-20260607151705.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/cache-20260605104454.php 0000666 00000032256 15226703613 0010504 0 ustar 00 <?php /** * Object Cache API * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ /** WP_Object_Cache class */ require_once ABSPATH . WPINC . '/class-wp-object-cache.php'; /** * Sets up Object Cache Global and assigns it. * * @since 2.0.0 * * @global WP_Object_Cache $wp_object_cache */ function wp_cache_init() { $GLOBALS['wp_object_cache'] = new WP_Object_Cache(); } /** * Adds data to the cache, if the cache key doesn't already exist. * * @since 2.0.0 * * @see WP_Object_Cache::add() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The data to add to the cache. * @param string $group Optional. The group to add the cache to. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When the cache data should expire, in seconds. * Default 0 (no expiration). * @return bool True on success, false if cache key and group already exist. */ function wp_cache_add( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add( $key, $data, $group, (int) $expire ); } /** * Adds multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::add_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add_multiple( $data, $group, (int) $expire ); } /** * Replaces the contents of the cache with new data. * * @since 2.0.0 * * @see WP_Object_Cache::replace() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache data that should be replaced. * @param mixed $data The new data to store in the cache. * @param string $group Optional. The group for the cache data that should be replaced. * Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True if contents were replaced, false if original value does not exist. */ function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->replace( $key, $data, $group, (int) $expire ); } /** * Saves the data to the cache. * * Differs from wp_cache_add() and wp_cache_replace() in that it will always write data. * * @since 2.0.0 * * @see WP_Object_Cache::set() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The contents to store in the cache. * @param string $group Optional. Where to group the cache contents. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set( $key, $data, $group, (int) $expire ); } /** * Sets multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::set_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set_multiple( $data, $group, (int) $expire ); } /** * Retrieves the cache contents from the cache by key and group. * * @since 2.0.0 * * @see WP_Object_Cache::get() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @param bool|null $found Optional. Whether the key was found in the cache (passed by reference). * Disambiguates a return of false, a storable value. Default null. * @return mixed|false The cache contents on success, false on failure to retrieve contents. */ function wp_cache_get( $key, $group = '', $force = false, &$found = null ) { global $wp_object_cache; return $wp_object_cache->get( $key, $group, $force, $found ); } /** * Retrieves multiple values from the cache in one call. * * @since 5.5.0 * * @see WP_Object_Cache::get_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { global $wp_object_cache; return $wp_object_cache->get_multiple( $keys, $group, $force ); } /** * Removes the cache contents matching key and group. * * @since 2.0.0 * * @see WP_Object_Cache::delete() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key What the contents in the cache are called. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool True on successful removal, false on failure. */ function wp_cache_delete( $key, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete( $key, $group ); } /** * Deletes multiple values from the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::delete_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete_multiple( $keys, $group ); } /** * Increments numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::incr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_incr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->incr( $key, $offset, $group ); } /** * Decrements numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::decr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to decrement. * @param int $offset Optional. The amount by which to decrement the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_decr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->decr( $key, $offset, $group ); } /** * Removes all cache items. * * @since 2.0.0 * * @see WP_Object_Cache::flush() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @return bool True on success, false on failure. */ function wp_cache_flush() { global $wp_object_cache; return $wp_object_cache->flush(); } /** * Removes all cache items from the in-memory runtime cache. * * @since 6.0.0 * * @see WP_Object_Cache::flush() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { return wp_cache_flush(); } /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; return $wp_object_cache->flush_group( $group ); } /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { switch ( $feature ) { case 'add_multiple': case 'set_multiple': case 'get_multiple': case 'delete_multiple': case 'flush_runtime': case 'flush_group': return true; default: return false; } } /** * Closes the cache. * * This function has ceased to do anything since WordPress 2.5. The * functionality was removed along with the rest of the persistent cache. * * This does not mean that plugins can't implement this function when they need * to make sure that the cache is cleaned up after WordPress no longer needs it. * * @since 2.0.0 * * @return true Always returns true. */ function wp_cache_close() { return true; } /** * Adds a group or set of groups to the list of global groups. * * @since 2.6.0 * * @see WP_Object_Cache::add_global_groups() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_global_groups( $groups ) { global $wp_object_cache; $wp_object_cache->add_global_groups( $groups ); } /** * Adds a group or set of groups to the list of non-persistent groups. * * @since 2.6.0 * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_non_persistent_groups( $groups ) { // Default cache doesn't persist so nothing to do here. } /** * Switches the internal blog ID. * * This changes the blog id used to create keys in blog specific groups. * * @since 3.5.0 * * @see WP_Object_Cache::switch_to_blog() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int $blog_id Site ID. */ function wp_cache_switch_to_blog( $blog_id ) { global $wp_object_cache; $wp_object_cache->switch_to_blog( $blog_id ); } /** * Resets internal cache keys and structures. * * If the cache back end uses global blog or site IDs as part of its cache keys, * this function instructs the back end to reset those keys and perform any cleanup * since blog or site IDs have changed since cache init. * * This function is deprecated. Use wp_cache_switch_to_blog() instead of this * function when preparing the cache for a blog switch. For clearing the cache * during unit tests, consider using wp_cache_init(). wp_cache_init() is not * recommended outside of unit tests as the performance penalty for using it is high. * * @since 3.0.0 * @deprecated 3.5.0 Use wp_cache_switch_to_blog() * @see WP_Object_Cache::reset() * * @global WP_Object_Cache $wp_object_cache Object cache global instance. */ function wp_cache_reset() { _deprecated_function( __FUNCTION__, '3.5.0', 'wp_cache_switch_to_blog()' ); global $wp_object_cache; $wp_object_cache->reset(); } HTTP/http.php 0000666 00000062426 15226703613 0007036 0 ustar 00 <?php /** * Core HTTP Request API * * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations. * * @package WordPress * @subpackage HTTP */ /** * Returns the initialized WP_Http Object * * @since 2.7.0 * @access private * * @return WP_Http HTTP Transport object. */ function _wp_http_get_object() { static $http = null; if ( is_null( $http ) ) { $http = new WP_Http(); } return $http; } /** * Retrieves the raw response from a safe HTTP request. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_request( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the GET method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_get( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the POST method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_post( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the HEAD method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_head( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Performs an HTTP request and returns its response. * * There are other API functions available which abstract away the HTTP method: * * - Default 'GET' for wp_remote_get() * - Default 'POST' for wp_remote_post() * - Default 'HEAD' for wp_remote_head() * * Important: If the URL is user-controlled, use `wp_safe_remote_request()` instead. * * @since 2.7.0 * * @see WP_Http::request() For information on default arguments. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response array or a WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_request( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Performs an HTTP request using the GET method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_get()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_get( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Performs an HTTP request using the POST method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_post()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_post( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Performs an HTTP request using the HEAD method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_head()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_head( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieves only the headers from the raw response. * * @since 2.7.0 * @since 4.6.0 Return value changed from an array to an WpOrg\Requests\Utility\CaseInsensitiveDictionary instance. * * @see \WpOrg\Requests\Utility\CaseInsensitiveDictionary * * @param array|WP_Error $response HTTP response. * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary|array The headers of the response, or empty array * if incorrect parameter given. */ function wp_remote_retrieve_headers( $response ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return array(); } return $response['headers']; } /** * Retrieves a single header by name from the raw response. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @param string $header Header name to retrieve value from. * @return array|string The header(s) value(s). Array if multiple headers with the same name are retrieved. * Empty string if incorrect parameter given, or if the header doesn't exist. */ function wp_remote_retrieve_header( $response, $header ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return ''; } if ( isset( $response['headers'][ $header ] ) ) { return $response['headers'][ $header ]; } return ''; } /** * Retrieves only the response code from the raw response. * * Will return an empty string if incorrect parameter value is given. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return int|string The response code as an integer. Empty string if incorrect parameter given. */ function wp_remote_retrieve_response_code( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['code']; } /** * Retrieves only the response message from the raw response. * * Will return an empty string if incorrect parameter value is given. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return string The response message. Empty string if incorrect parameter given. */ function wp_remote_retrieve_response_message( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['message']; } /** * Retrieves only the body from the raw response. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return string The body of the response. Empty string if no body or incorrect parameter given. */ function wp_remote_retrieve_body( $response ) { if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) { return ''; } return $response['body']; } /** * Retrieves only the cookies from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @return WP_Http_Cookie[] An array of `WP_Http_Cookie` objects from the response. * Empty array if there are none, or the response is a WP_Error. */ function wp_remote_retrieve_cookies( $response ) { if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) { return array(); } return $response['cookies']; } /** * Retrieves a single cookie by name from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return WP_Http_Cookie|string The `WP_Http_Cookie` object, or empty string * if the cookie is not present in the response. */ function wp_remote_retrieve_cookie( $response, $name ) { $cookies = wp_remote_retrieve_cookies( $response ); if ( empty( $cookies ) ) { return ''; } foreach ( $cookies as $cookie ) { if ( $cookie->name === $name ) { return $cookie; } } return ''; } /** * Retrieves a single cookie's value by name from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return string The value of the cookie, or empty string * if the cookie is not present in the response. */ function wp_remote_retrieve_cookie_value( $response, $name ) { $cookie = wp_remote_retrieve_cookie( $response, $name ); if ( ! ( $cookie instanceof WP_Http_Cookie ) ) { return ''; } return $cookie->value; } /** * Determines if there is an HTTP Transport that can process this request. * * @since 3.2.0 * * @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array. * @param string $url Optional. If given, will check if the URL requires SSL and adds * that requirement to the capabilities array. * * @return bool */ function wp_http_supports( $capabilities = array(), $url = null ) { $capabilities = wp_parse_args( $capabilities ); $count = count( $capabilities ); // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array. if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) === $count ) { $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) ); } if ( $url && ! isset( $capabilities['ssl'] ) ) { $scheme = parse_url( $url, PHP_URL_SCHEME ); if ( 'https' === $scheme || 'ssl' === $scheme ) { $capabilities['ssl'] = true; } } return WpOrg\Requests\Requests::has_capabilities( $capabilities ); } /** * Gets the HTTP Origin of the current request. * * @since 3.4.0 * * @return string URL of the origin. Empty string if no origin. */ function get_http_origin() { $origin = ''; if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) { $origin = $_SERVER['HTTP_ORIGIN']; } /** * Changes the origin of an HTTP request. * * @since 3.4.0 * * @param string $origin The HTTP origin for the request. */ return apply_filters( 'http_origin', $origin ); } /** * Retrieves list of allowed HTTP origins. * * @since 3.4.0 * * @return string[] Array of origin URLs. */ function get_allowed_http_origins() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); // @todo Preserve port? $allowed_origins = array_unique( array( 'http://' . $admin_origin['host'], 'https://' . $admin_origin['host'], 'http://' . $home_origin['host'], 'https://' . $home_origin['host'], ) ); /** * Changes the origin types allowed for HTTP requests. * * @since 3.4.0 * * @param string[] $allowed_origins Array of allowed HTTP origins. */ return apply_filters( 'allowed_http_origins', $allowed_origins ); } /** * Determines if the HTTP origin is an authorized one. * * @since 3.4.0 * * @param string|null $origin Origin URL. If not provided, the value of get_http_origin() is used. * @return string Origin URL if allowed, empty string if not. */ function is_allowed_http_origin( $origin = null ) { $origin_arg = $origin; if ( null === $origin ) { $origin = get_http_origin(); } if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) { $origin = ''; } /** * Changes the allowed HTTP origin result. * * @since 3.4.0 * * @param string $origin Origin URL if allowed, empty string if not. * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. */ return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); } /** * Sends Access-Control-Allow-Origin and related headers if the current request * is from an allowed origin. * * If the request is an OPTIONS request, the script exits with either access * control headers sent, or a 403 response if the origin is not allowed. For * other request methods, you will receive a return value. * * @since 3.4.0 * * @return string|false Returns the origin URL if headers are sent. Returns false * if headers are not sent. */ function send_origin_headers() { $origin = get_http_origin(); if ( is_allowed_http_origin( $origin ) ) { header( 'Access-Control-Allow-Origin: ' . $origin ); header( 'Access-Control-Allow-Credentials: true' ); if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { exit; } return $origin; } if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { status_header( 403 ); exit; } return false; } /** * Validates a URL as safe for use in the HTTP API. * * The only supported protocols are `http` and `https`. * * Examples of URLs that are considered unsafe: * * - `ftp://example.com/caniload.php` - Invalid protocol - only http and https are allowed. * - `http:///example.com/caniload.php` - Malformed URL. * - `http://user:pass@example.com/caniload.php` - Login information. * - `http://example.invalid/caniload.php` - Invalid hostname, as the IP cannot be looked up in DNS. * * Examples of URLs that are considered unsafe by default but can be allowed with filters: * * - `http://192.168.0.1/caniload.php` - IP address from LAN network. * This can be changed with the {@see 'http_request_host_is_external'} filter. * - `http://198.143.164.252:81/caniload.php` - By default, only ports 80, 443, and 8080 are allowed. * This can be changed with the {@see 'http_allowed_safe_ports'} filter. * * @since 3.5.2 * * @param string $url Request URL. * @return string|false Returns false if the URL is not safe, or the original URL if it is safe. */ function wp_http_validate_url( $url ) { if ( ! is_string( $url ) || '' === $url || is_numeric( $url ) ) { return false; } $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) { return false; } $parsed_home = parse_url( get_option( 'home' ) ); $same_host = isset( $parsed_home['host'] ) && strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); $host = trim( $parsed_url['host'], '.' ); if ( ! $same_host ) { if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { // Error condition for gethostbyname(). return false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { // If host appears local, reject unless specifically allowed. /** * Checks if HTTP request is external or not. * * Allows to change and allow external requests for the HTTP request. * * @since 3.6.0 * * @param bool $external Whether HTTP request is external or not. * @param string $host Host name of the requested URL. * @param string $url Requested URL. */ if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; /** * Controls the list of ports considered safe in HTTP API. * * Allows to change and allow external requests for the HTTP request. * * @since 5.9.0 * * @param int[] $allowed_ports Array of integers for valid ports. Default allowed ports * are 80, 443, and 8080. * @param string $host Host name of the requested URL. * @param string $url Requested URL. */ $allowed_ports = apply_filters( 'http_allowed_safe_ports', array( 80, 443, 8080 ), $host, $url ); if ( is_array( $allowed_ports ) && in_array( $port, $allowed_ports, true ) ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; } /** * Marks allowed redirect hosts safe for HTTP requests as well. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @param bool $is_external * @param string $host * @return bool */ function allowed_http_request_hosts( $is_external, $host ) { if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) { $is_external = true; } return $is_external; } /** * Adds any domain in a multisite installation for safe HTTP requests to the * allowed list. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param bool $is_external * @param string $host * @return bool */ function ms_allowed_http_request_hosts( $is_external, $host ) { global $wpdb; static $queried = array(); if ( $is_external ) { return $is_external; } if ( get_network()->domain === $host ) { return true; } if ( isset( $queried[ $host ] ) ) { return $queried[ $host ]; } $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); return $queried[ $host ]; } /** * A wrapper for PHP's parse_url() function that handles consistency in the return values * across PHP versions. * * Across various PHP versions, schemeless URLs containing a ":" in the query * are being handled inconsistently. This function works around those differences. * * @since 4.4.0 * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`. * * @link https://www.php.net/manual/en/function.parse-url.php * * @param string $url The URL to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function wp_parse_url( $url, $component = -1 ) { $to_unset = array(); $url = (string) $url; if ( str_starts_with( $url, '//' ) ) { $to_unset[] = 'scheme'; $url = 'placeholder:' . $url; } elseif ( str_starts_with( $url, '/' ) ) { $to_unset[] = 'scheme'; $to_unset[] = 'host'; $url = 'placeholder://placeholder' . $url; } $parts = parse_url( $url ); if ( false === $parts ) { // Parsing failure. return $parts; } // Remove the placeholder values. foreach ( $to_unset as $key ) { unset( $parts[ $key ] ); } return _get_component_from_parsed_url_array( $parts, $component ); } /** * Retrieves a specific component from a parsed URL array. * * @internal * * @since 4.7.0 * @access private * * @link https://www.php.net/manual/en/function.parse-url.php * * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) { if ( -1 === $component ) { return $url_parts; } $key = _wp_translate_php_url_constant_to_key( $component ); if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) { return $url_parts[ $key ]; } else { return null; } } /** * Translates a PHP_URL_* constant to the named array keys PHP uses. * * @internal * * @since 4.7.0 * @access private * * @link https://www.php.net/manual/en/url.constants.php * * @param int $constant PHP_URL_* constant. * @return string|false The named key or false. */ function _wp_translate_php_url_constant_to_key( $constant ) { $translation = array( PHP_URL_SCHEME => 'scheme', PHP_URL_HOST => 'host', PHP_URL_PORT => 'port', PHP_URL_USER => 'user', PHP_URL_PASS => 'pass', PHP_URL_PATH => 'path', PHP_URL_QUERY => 'query', PHP_URL_FRAGMENT => 'fragment', ); if ( isset( $translation[ $constant ] ) ) { return $translation[ $constant ]; } else { return false; } } HTTP/https-detection-20260605034026-20260606104816.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605114100.php 0000666 00000011205 15226703613 0012546 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605144200.php 0000666 00000011205 15226703613 0012552 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606224027-20260610134342.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605034026-20260605193431.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606050704-20260609013918.php 0000666 00000013341 15226703613 0014144 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/script-loader-react-refresh-runtime.min-20260605112716.php 0000666 00000000124 15226703613 0017171 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-detection-20260606074218.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605092322.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606062352-20260610154606.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606035847-20260606163943.php 0000666 00000011205 15226703613 0014170 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605125727-20260609073407.php 0000666 00000011205 15226703613 0014162 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606092011-20260608045235.php 0000666 00000011205 15226703613 0014145 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605164841-20260607225952.php 0000666 00000013341 15226703613 0014154 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605090746-20260606031856.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/string-20260610144142.php 0000666 00000020233 15226703613 0010731 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } } HTTP/https-migration-20260606072831-20260609051053.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-oembed-20260605060127.php 0000666 00000075666 15226703613 0012435 0 ustar 00 <?php /** * API for fetching the HTML to embed remote content based on a provided URL * * Used internally by the WP_Embed class, but is designed to be generic. * * @link https://developer.wordpress.org/advanced-administration/wordpress/oembed/ * @link http://oembed.com/ * * @package WordPress * @subpackage oEmbed */ /** * Core class used to implement oEmbed functionality. * * @since 2.9.0 */ #[AllowDynamicProperties] class WP_oEmbed { /** * A list of oEmbed providers. * * @since 2.9.0 * @var array */ public $providers = array(); /** * A list of an early oEmbed providers. * * @since 4.0.0 * @var array */ public static $early_providers = array(); /** * A list of private/protected methods, used for backward compatibility. * * @since 4.2.0 * @var array */ private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); /** * Constructor. * * @since 2.9.0 */ public function __construct() { $host = urlencode( home_url() ); $providers = array( '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/shorts/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/live/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), '#https?://(.+\.)?crowdsignal\.net/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://app.mixcloud.com/oembed/', true ), '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), '#https?://(.+)\.tumblr\.com/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://(www\.)?tiktok\.com/.*/video/.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://(www\.)?tiktok\.com/@.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://([a-z]{2}|www)\.pinterest\.com(\.(au|mx))?/.*#i' => array( 'https://www.pinterest.com/oembed.json', true ), '#https?://(www\.)?wolframcloud\.com/obj/.+#i' => array( 'https://www.wolframcloud.com/oembed', true ), '#https?://pca\.st/.+#i' => array( 'https://pca.st/oembed.json', true ), '#https?://((play|www)\.)?anghami\.com/.*#i' => array( 'https://api.anghami.com/rest/v1/oembed.view', true ), '#https?://bsky.app/profile/.*/post/.*#i' => array( 'https://embed.bsky.app/oembed', true ), '#https?://(www\.)?canva\.com/design/.*/view.*#i' => array( 'https://canva.com/_oembed', true ), ); if ( ! empty( self::$early_providers['add'] ) ) { foreach ( self::$early_providers['add'] as $format => $data ) { $providers[ $format ] = $data; } } if ( ! empty( self::$early_providers['remove'] ) ) { foreach ( self::$early_providers['remove'] as $format ) { unset( $providers[ $format ] ); } } self::$early_providers = array(); /** * Filters the list of sanctioned oEmbed providers. * * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. * * Supported providers: * * | Provider | Flavor | Since | * | ------------ | ----------------------------------------- | ------- | * | Dailymotion | dailymotion.com | 2.9.0 | * | Flickr | flickr.com | 2.9.0 | * | Scribd | scribd.com | 2.9.0 | * | Vimeo | vimeo.com | 2.9.0 | * | WordPress.tv | wordpress.tv | 2.9.0 | * | YouTube | youtube.com/watch | 2.9.0 | * | Crowdsignal | polldaddy.com | 3.0.0 | * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | * | Flickr | flic.kr | 3.6.0 | * | Spotify | spotify.com | 3.6.0 | * | Imgur | imgur.com | 3.9.0 | * | Animoto | animoto.com | 4.0.0 | * | Animoto | video214.com | 4.0.0 | * | Issuu | issuu.com | 4.0.0 | * | Mixcloud | mixcloud.com | 4.0.0 | * | Crowdsignal | poll.fm | 4.0.0 | * | TED | ted.com | 4.0.0 | * | YouTube | youtube.com/playlist | 4.0.0 | * | Tumblr | tumblr.com | 4.2.0 | * | Kickstarter | kickstarter.com | 4.2.0 | * | Kickstarter | kck.st | 4.2.0 | * | Cloudup | cloudup.com | 4.3.0 | * | ReverbNation | reverbnation.com | 4.4.0 | * | VideoPress | videopress.com | 4.4.0 | * | Reddit | reddit.com | 4.4.0 | * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | * | Screencast | screencast.com | 4.8.0 | * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | * | Amazon | amazon.co.jp (com.au) | 4.9.0 | * | Amazon | amazon.cn | 4.9.0 | * | Amazon | a.co | 4.9.0 | * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | * | Amazon | z.cn | 4.9.0 | * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | * | TikTok | tiktok.com | 5.4.0 | * | Pinterest | pinterest.com | 5.9.0 | * | WolframCloud | wolframcloud.com | 5.9.0 | * | Pocket Casts | pocketcasts.com | 6.1.0 | * | Crowdsignal | crowdsignal.net | 6.2.0 | * | Anghami | anghami.com | 6.3.0 | * | Bluesky | bsky.app | 6.6.0 | * | Canva | canva.com | 6.8.0 | * * No longer supported providers: * * | Provider | Flavor | Since | Removed | * | ------------ | -------------------- | --------- | --------- | * | Qik | qik.com | 2.9.0 | 3.9.0 | * | Viddler | viddler.com | 2.9.0 | 4.0.0 | * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | * | Blip | blip.tv | 2.9.0 | 4.4.0 | * | Rdio | rdio.com | 3.6.0 | 4.4.1 | * | Rdio | rd.io | 3.6.0 | 4.4.1 | * | Vine | vine.co | 4.1.0 | 4.9.0 | * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * | Hulu | hulu.com | 2.9.0 | 5.5.0 | * | Instagram | instagram.com | 3.5.0 | 5.5.2 | * | Instagram | instagr.am | 3.5.0 | 5.5.2 | * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | * | Facebook | facebook.com | 4.7.0 | 5.5.2 | * | Meetup.com | meetup.com | 3.9.0 | 6.0.1 | * | Meetup.com | meetu.ps | 3.9.0 | 6.0.1 | * | SlideShare | slideshare.net | 3.5.0 | 6.6.0 | * | Screencast | screencast.com | 4.8.0 | 6.8.2 | * * @see wp_oembed_add_provider() * * @since 2.9.0 * * @param array[] $providers An array of arrays containing data about popular oEmbed providers. */ $this->providers = apply_filters( 'oembed_providers', $providers ); // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } /** * Exposes private/protected methods for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * * @since 4.0.0 * * @see WP_oEmbed::discover() * * @param string $url The URL to the content. * @param string|array $args { * Optional. Additional provider arguments. Default empty. * * @type bool $discover Optional. Determines whether to attempt to discover link tags * at the given URL for an oEmbed provider when the provider URL * is not found in the built-in providers list. Default true. * } * @return string|false The oEmbed provider URL on success, false on failure. */ public function get_provider( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = false; if ( ! isset( $args['discover'] ) ) { $args['discover'] = true; } foreach ( $this->providers as $matchmask => $data ) { list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex. if ( ! $regex ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML. break; } } if ( ! $provider && $args['discover'] ) { $provider = $this->discover( $url ); } return $provider; } /** * Adds an oEmbed provider. * * The provider is added just-in-time when wp_oembed_add_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_add_provider() * * @param string $format Format of URL that this provider can handle. You can use * asterisks as wildcards. * @param string $provider The URL to the oEmbed provider.. * @param bool $regex Optional. Whether the $format parameter is in a regex format. * Default false. */ public static function _add_provider_early( $format, $provider, $regex = false ) { if ( empty( self::$early_providers['add'] ) ) { self::$early_providers['add'] = array(); } self::$early_providers['add'][ $format ] = array( $provider, $regex ); } /** * Removes an oEmbed provider. * * The provider is removed just-in-time when wp_oembed_remove_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_remove_provider() * * @param string $format The format of URL that this provider can handle. You can use * asterisks as wildcards. */ public static function _remove_provider_early( $format ) { if ( empty( self::$early_providers['remove'] ) ) { self::$early_providers['remove'] = array(); } self::$early_providers['remove'][] = $format; } /** * Takes a URL and attempts to return the oEmbed data. * * @see WP_oEmbed::fetch() * * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function get_data( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = $this->get_provider( $url, $args ); if ( ! $provider ) { return false; } $data = $this->fetch( $provider, $url, $args ); if ( false === $data ) { return false; } return $data; } /** * The do-it-all function that takes a URL and attempts to return the HTML. * * @see WP_oEmbed::fetch() * @see WP_oEmbed::data2html() * * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed * on success, false on failure. */ public function get_html( $url, $args = '' ) { /** * Filters the oEmbed result before any HTTP requests are made. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Returning a non-null value from the filter will effectively short-circuit retrieval * and return the passed value instead. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. * Default null to continue retrieving the result. * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); if ( null !== $pre ) { return $pre; } $data = $this->get_data( $url, $args ); if ( false === $data ) { return false; } /** * Filters the HTML returned by the oEmbed provider. * * @since 2.9.0 * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } /** * Attempts to discover link tags at the given URL for an oEmbed provider. * * @since 2.9.0 * * @param string $url The URL that should be inspected for discovery `<link>` tags. * @return string|false The oEmbed provider URL on success, false on failure. */ public function discover( $url ) { $providers = array(); $args = array( 'limit_response_size' => 153600, // 150 KB ); /** * Filters oEmbed remote get arguments. * * @since 4.0.0 * * @see WP_Http::request() * * @param array $args oEmbed remote get arguments. * @param string $url URL to be inspected. */ $args = apply_filters( 'oembed_remote_get_args', $args, $url ); // Fetch URL content. $request = wp_safe_remote_get( $url, $args ); $html = wp_remote_retrieve_body( $request ); if ( $html ) { /** * Filters the link types that contain oEmbed provider URLs. * * @since 2.9.0 * * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, * used by at least Vimeo). */ $linktypes = apply_filters( 'oembed_linktypes', array( 'application/json+oembed' => 'json', 'text/xml+oembed' => 'xml', 'application/xml+oembed' => 'xml', ) ); // Strip <body>. $html_head_end = stripos( $html, '</head>' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } // Do a quick check. $tagfound = false; foreach ( $linktypes as $linktype => $format ) { if ( stripos( $html, $linktype ) ) { $tagfound = true; break; } } if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html, $links ) ) { foreach ( $links[1] as $link ) { $atts = shortcode_parse_atts( $link ); if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); // Stop here if it's JSON (that's all we need). if ( 'json' === $linktypes[ $atts['type'] ] ) { break; } } } } } // JSON is preferred to XML. if ( ! empty( $providers['json'] ) ) { return $providers['json']; } elseif ( ! empty( $providers['xml'] ) ) { return $providers['xml']; } else { return false; } } /** * Connects to an oEmbed provider and returns the result. * * @since 2.9.0 * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function fetch( $provider, $url, $args = '' ) { $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); $provider = add_query_arg( 'url', urlencode( $url ), $provider ); $provider = add_query_arg( 'dnt', 1, $provider ); /** * Filters the oEmbed URL to be fetched. * * @since 2.9.0 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. * @param array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); foreach ( array( 'json', 'xml' ) as $format ) { $result = $this->_fetch_with_format( $provider, $format ); if ( is_wp_error( $result ) && 'not-implemented' === $result->get_error_code() ) { continue; } return ( $result && ! is_wp_error( $result ) ) ? $result : false; } return false; } /** * Fetches result from an oEmbed provider for a specific format and complete provider URL * * @since 3.0.0 * * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) * @param string $format Format to use. * @return object|false|WP_Error The result in the form of an object on success, false on failure. */ private function _fetch_with_format( $provider_url_with_args, $format ) { $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); /** This filter is documented in wp-includes/class-wp-oembed.php */ $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); $response = wp_safe_remote_get( $provider_url_with_args, $args ); if ( 501 === wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'not-implemented' ); } $body = wp_remote_retrieve_body( $response ); if ( ! $body ) { return false; } $parse_method = "_parse_$format"; return $this->$parse_method( $body ); } /** * Parses a json response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_json( $response_body ) { $data = json_decode( trim( $response_body ) ); return ( $data && is_object( $data ) ) ? $data : false; } /** * Parses an XML response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_xml( $response_body ) { if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { return false; } if ( PHP_VERSION_ID < 80000 ) { /* * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading * is disabled by default, so this function is no longer needed to protect against XXE attacks. */ $loader = libxml_disable_entity_loader( true ); } $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated libxml_disable_entity_loader( $loader ); } return $return; } /** * Serves as a helper function for parsing an XML response body. * * @since 3.6.0 * * @param string $response_body * @return stdClass|false */ private function _parse_xml_body( $response_body ) { if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { return false; } $dom = new DOMDocument(); $success = $dom->loadXML( $response_body ); if ( ! $success ) { return false; } if ( isset( $dom->doctype ) ) { return false; } foreach ( $dom->childNodes as $child ) { if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { return false; } } $xml = simplexml_import_dom( $dom ); if ( ! $xml ) { return false; } $return = new stdClass(); foreach ( $xml as $key => $value ) { $return->$key = (string) $value; } return $return; } /** * Converts a data object from WP_oEmbed::fetch() and returns the HTML. * * @since 2.9.0 * * @param object $data A data object result from an oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @return string|false The HTML needed to embed on success, false on failure. */ public function data2html( $data, $url ) { if ( ! is_object( $data ) || empty( $data->type ) ) { return false; } $return = false; switch ( $data->type ) { case 'photo': if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { break; } if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { break; } $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; $return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr( $title ) . '" width="' . esc_attr( $data->width ) . '" height="' . esc_attr( $data->height ) . '" /></a>'; break; case 'video': case 'rich': if ( ! empty( $data->html ) && is_string( $data->html ) ) { $return = $data->html; } break; case 'link': if ( ! empty( $data->title ) && is_string( $data->title ) ) { $return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>'; } break; default: $return = false; } /** * Filters the returned oEmbed HTML. * * Use this filter to add support for custom data types, or to filter the result. * * @since 2.9.0 * * @param string|false $return The returned oEmbed HTML, or false on failure. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } /** * Strips any new lines from the HTML. * * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * * @param string|false $html Existing HTML. * @param object $data Data object from WP_oEmbed::data2html() * @param string $url The original URL passed to oEmbed. * @return string|false Possibly modified $html. */ public function _strip_newlines( $html, $data, $url ) { if ( ! str_contains( $html, "\n" ) ) { return $html; } $count = 1; $found = array(); $token = '__PRE__'; $search = array( "\t", "\n", "\r", ' ' ); $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); $tokenized = str_replace( $search, $replace, $html ); preg_match_all( '#(<pre[^>]*>.+?</pre>)#i', $tokenized, $matches, PREG_SET_ORDER ); foreach ( $matches as $i => $match ) { $tag_html = str_replace( $replace, $search, $match[0] ); $tag_token = $token . $i; $found[ $tag_token ] = $tag_html; $html = str_replace( $tag_html, $tag_token, $html, $count ); } $replaced = str_replace( $replace, $search, $html ); $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); $pre = array_values( $found ); $tokens = array_keys( $found ); return str_replace( $tokens, $pre, $stripped ); } } HTTP/https-detection-20260606165331.php 0000666 00000013341 15226703613 0012553 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/script-loader-20260605092054.php 0000666 00000465210 15226703613 0012213 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/class-wp-customize-setting.php 0000666 00000072412 15226703613 0013277 0 ustar 00 <?php /** * WordPress Customize Setting classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Setting class. * * Handles saving and sanitizing of settings. * * @since 3.4.0 * * @see WP_Customize_Manager * @link https://developer.wordpress.org/themes/customize-api */ #[AllowDynamicProperties] class WP_Customize_Setting { /** * Customizer bootstrap instance. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Unique string identifier for the setting. * * @since 3.4.0 * @var string */ public $id; /** * Type of customize settings. * * @since 3.4.0 * @var string */ public $type = 'theme_mod'; /** * Capability required to edit this setting. * * @since 3.4.0 * @var string|array */ public $capability = 'edit_theme_options'; /** * Theme features required to support the setting. * * @since 3.4.0 * @var string|string[] */ public $theme_supports = ''; /** * The default value for the setting. * * @since 3.4.0 * @var string */ public $default = ''; /** * Options for rendering the live preview of changes in Customizer. * * Set this value to 'postMessage' to enable a custom JavaScript handler to render changes to this setting * as opposed to reloading the whole page. * * @since 3.4.0 * @var string */ public $transport = 'refresh'; /** * Server-side validation callback for the setting's value. * * @since 4.6.0 * @var callable */ public $validate_callback = ''; /** * Callback to filter a Customize setting value in un-slashed form. * * @since 3.4.0 * @var callable */ public $sanitize_callback = ''; /** * Callback to convert a Customize PHP setting value to a value that is JSON serializable. * * @since 3.4.0 * @var callable */ public $sanitize_js_callback = ''; /** * Whether or not the setting is initially dirty when created. * * This is used to ensure that a setting will be sent from the pane to the * preview when loading the Customizer. Normally a setting only is synced to * the preview if it has been changed. This allows the setting to be sent * from the start. * * @since 4.2.0 * @var bool */ public $dirty = false; /** * ID Data. * * @since 3.4.0 * @var array */ protected $id_data = array(); /** * Whether or not preview() was called. * * @since 4.4.0 * @var bool */ protected $is_previewed = false; /** * Cache of multidimensional values to improve performance. * * @since 4.4.0 * @var array */ protected static $aggregated_multidimensionals = array(); /** * Whether the multidimensional setting is aggregated. * * @since 4.4.0 * @var bool */ protected $is_multidimensional_aggregated = false; /** * Constructor. * * Any supplied $args override class property defaults. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id A specific ID of the setting. * Can be a theme mod or option name. * @param array $args { * Optional. Array of properties for the new Setting object. Default empty array. * * @type string $type Type of the setting. Default 'theme_mod'. * @type string $capability Capability required for the setting. Default 'edit_theme_options' * @type string|string[] $theme_supports Theme features required to support the panel. Default is none. * @type string $default Default value for the setting. Default is empty string. * @type string $transport Options for rendering the live preview of changes in Customizer. * Using 'refresh' makes the change visible by reloading the whole preview. * Using 'postMessage' allows a custom JavaScript to handle live changes. * Default is 'refresh'. * @type callable $validate_callback Server-side validation callback for the setting's value. * @type callable $sanitize_callback Callback to filter a Customize setting value in un-slashed form. * @type callable $sanitize_js_callback Callback to convert a Customize PHP setting value to a value that is * JSON serializable. * @type bool $dirty Whether or not the setting is initially dirty when created. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; // Parse the ID for array keys. $this->id_data['keys'] = preg_split( '/\[/', str_replace( ']', '', $this->id ) ); $this->id_data['base'] = array_shift( $this->id_data['keys'] ); // Rebuild the ID. $this->id = $this->id_data['base']; if ( ! empty( $this->id_data['keys'] ) ) { $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']'; } if ( $this->validate_callback ) { add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 ); } if ( $this->sanitize_callback ) { add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2 ); } if ( $this->sanitize_js_callback ) { add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 ); } if ( 'option' === $this->type || 'theme_mod' === $this->type ) { // Other setting types can opt-in to aggregate multidimensional explicitly. $this->aggregate_multidimensional(); // Allow option settings to indicate whether they should be autoloaded. if ( 'option' === $this->type && isset( $args['autoload'] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] = $args['autoload']; } } } /** * Get parsed ID data for multidimensional setting. * * @since 4.4.0 * * @return array { * ID data for multidimensional setting. * * @type string $base ID base * @type array $keys Keys for multidimensional array. * } */ final public function id_data() { return $this->id_data; } /** * Set up the setting for aggregated multidimensional values. * * When a multidimensional setting gets aggregated, all of its preview and update * calls get combined into one call, greatly improving performance. * * @since 4.4.0 */ protected function aggregate_multidimensional() { $id_base = $this->id_data['base']; if ( ! isset( self::$aggregated_multidimensionals[ $this->type ] ) ) { self::$aggregated_multidimensionals[ $this->type ] = array(); } if ( ! isset( self::$aggregated_multidimensionals[ $this->type ][ $id_base ] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $id_base ] = array( 'previewed_instances' => array(), // Calling preview() will add the $setting to the array. 'preview_applied_instances' => array(), // Flags for which settings have had their values applied. 'root_value' => $this->get_root_value( array() ), // Root value for initial state, manipulated by preview and update calls. ); } if ( ! empty( $this->id_data['keys'] ) ) { // Note the preview-applied flag is cleared at priority 9 to ensure it is cleared before a deferred-preview runs. add_action( "customize_post_value_set_{$this->id}", array( $this, '_clear_aggregated_multidimensional_preview_applied_flag' ), 9 ); $this->is_multidimensional_aggregated = true; } } /** * Reset `$aggregated_multidimensionals` static variable. * * This is intended only for use by unit tests. * * @since 4.5.0 * @ignore */ public static function reset_aggregated_multidimensionals() { self::$aggregated_multidimensionals = array(); } /** * The ID for the current site when the preview() method was called. * * @since 4.2.0 * @var int */ protected $_previewed_blog_id; /** * Return true if the current site is not the same as the previewed site. * * @since 4.2.0 * * @return bool If preview() has been called. */ public function is_current_blog_previewed() { if ( ! isset( $this->_previewed_blog_id ) ) { return false; } return ( get_current_blog_id() === $this->_previewed_blog_id ); } /** * Original non-previewed value stored by the preview method. * * @see WP_Customize_Setting::preview() * @since 4.1.1 * @var mixed */ protected $_original_value; /** * Add filters to supply the setting's value when accessed. * * If the setting already has a pre-existing value and there is no incoming * post value for the setting, then this method will short-circuit since * there is no change to preview. * * @since 3.4.0 * @since 4.4.0 Added boolean return value. * * @return bool False when preview short-circuits due no change needing to be previewed. */ public function preview() { if ( ! isset( $this->_previewed_blog_id ) ) { $this->_previewed_blog_id = get_current_blog_id(); } // Prevent re-previewing an already-previewed setting. if ( $this->is_previewed ) { return true; } $id_base = $this->id_data['base']; $is_multidimensional = ! empty( $this->id_data['keys'] ); $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); /* * Check if the setting has a pre-existing value (an isset check), * and if doesn't have any incoming post value. If both checks are true, * then the preview short-circuits because there is nothing that needs * to be previewed. */ $undefined = new stdClass(); $needs_preview = ( $undefined !== $this->post_value( $undefined ) ); $value = null; // Since no post value was defined, check if we have an initial value set. if ( ! $needs_preview ) { if ( $this->is_multidimensional_aggregated ) { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root, $this->id_data['keys'], $undefined ); } else { $default = $this->default; $this->default = $undefined; // Temporarily set default to undefined so we can detect if existing value is set. $value = $this->value(); $this->default = $default; } $needs_preview = ( $undefined === $value ); // Because the default needs to be supplied. } // If the setting does not need previewing now, defer to when it has a value to preview. if ( ! $needs_preview ) { if ( ! has_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ) ) { add_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ); } return false; } switch ( $this->type ) { case 'theme_mod': if ( ! $is_multidimensional ) { add_filter( "theme_mod_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add this filter once for this ID base. add_filter( "theme_mod_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; case 'option': if ( ! $is_multidimensional ) { add_filter( "pre_option_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add these filters once for this ID base. add_filter( "option_{$id_base}", $multidimensional_filter ); add_filter( "default_option_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; default: /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->id}", $this ); /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the setting type. * * @since 4.1.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->type}", $this ); } $this->is_previewed = true; return true; } /** * Clear out the previewed-applied flag for a multidimensional-aggregated value whenever its post value is updated. * * This ensures that the new value will get sanitized and used the next time * that `WP_Customize_Setting::_multidimensional_preview_filter()` * is called for this setting. * * @since 4.4.0 * * @see WP_Customize_Manager::set_post_value() * @see WP_Customize_Setting::_multidimensional_preview_filter() */ final public function _clear_aggregated_multidimensional_preview_applied_flag() { unset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['preview_applied_instances'][ $this->id ] ); } /** * Callback function to filter non-multidimensional theme mods and options. * * If switch_to_blog() was called after the preview() method, and the current * site is now not the same site, then this method does a no-op and returns * the original value. * * @since 3.4.0 * * @param mixed $original Old value. * @return mixed New or old value. */ public function _preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $undefined = new stdClass(); // Symbol hack. $post_value = $this->post_value( $undefined ); if ( $undefined !== $post_value ) { $value = $post_value; } else { /* * Note that we don't use $original here because preview() will * not add the filter in the first place if it has an initial value * and there is no post value. */ $value = $this->default; } return $value; } /** * Callback function to filter multidimensional theme mods and options. * * For all multidimensional settings of a given type, the preview filter for * the first setting previewed will be used to apply the values for the others. * * @since 4.4.0 * * @see WP_Customize_Setting::$aggregated_multidimensionals * @param mixed $original Original root value. * @return mixed New or old value. */ final public function _multidimensional_preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $id_base = $this->id_data['base']; // If no settings have been previewed yet (which should not be the case, since $this is), just pass through the original value. if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { return $original; } foreach ( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] as $previewed_setting ) { // Skip applying previewed value for any settings that have already been applied. if ( ! empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] ) ) { continue; } // Do the replacements of the posted/default sub value into the root value. $value = $previewed_setting->post_value( $previewed_setting->default ); $root = self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value']; $root = $previewed_setting->multidimensional_replace( $root, $previewed_setting->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value'] = $root; // Mark this setting having been applied so that it will be skipped when the filter is called again. self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] = true; } return self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; } /** * Checks user capabilities and theme supports, and then saves * the value of the setting. * * @since 3.4.0 * * @return void|false Void on success, false if cap check fails * or value isn't set or is invalid. */ final public function save() { $value = $this->post_value(); if ( ! $this->check_capabilities() || ! isset( $value ) ) { return false; } $id_base = $this->id_data['base']; /** * Fires when the WP_Customize_Setting::save() method is called. * * The dynamic portion of the hook name, `$id_base` refers to * the base slug of the setting name. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_save_{$id_base}", $this ); $this->update( $value ); } /** * Fetch and sanitize the $_POST value for the setting. * * During a save request prior to save, post_value() provides the new value while value() does not. * * @since 3.4.0 * * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The default value on failure, otherwise the sanitized and validated value. */ final public function post_value( $default_value = null ) { return $this->manager->post_value( $this, $default_value ); } /** * Sanitize an input. * * @since 3.4.0 * * @param string|array $value The value to sanitize. * @return string|array|null|WP_Error Sanitized value, or `null`/`WP_Error` if invalid. */ public function sanitize( $value ) { /** * Filters a Customize setting value in un-slashed form. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } /** * Validates an input. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * * @param mixed $value Value to validate. * @return true|WP_Error True if the input was validated, otherwise WP_Error. */ public function validate( $value ) { if ( is_wp_error( $value ) ) { return $value; } if ( is_null( $value ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validity = new WP_Error(); /** * Validates a Customize setting value. * * Plugins should amend the `$validity` object via its `WP_Error::add()` method. * * The dynamic portion of the hook name, `$this->ID`, refers to the setting ID. * * @since 4.6.0 * * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $validity = apply_filters( "customize_validate_{$this->id}", $validity, $value, $this ); if ( is_wp_error( $validity ) && ! $validity->has_errors() ) { $validity = true; } return $validity; } /** * Get the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $default_value Value to return if root does not exist. * @return mixed */ protected function get_root_value( $default_value = null ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { return get_option( $id_base, $default_value ); } elseif ( 'theme_mod' === $this->type ) { return get_theme_mod( $id_base, $default_value ); } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return $default_value; } } /** * Set the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $value Value to set as root of multidimensional setting. * @return bool Whether the multidimensional root was updated successfully. */ protected function set_root_value( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { $autoload = true; if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; } return update_option( $id_base, $value, $autoload ); } elseif ( 'theme_mod' === $this->type ) { set_theme_mod( $id_base, $value ); return true; } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return false; } } /** * Save the value of the setting, using the related API. * * @since 3.4.0 * * @param mixed $value The value to update. * @return bool The result of saving the value. */ protected function update( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type || 'theme_mod' === $this->type ) { if ( ! $this->is_multidimensional_aggregated ) { return $this->set_root_value( $value ); } else { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $root = $this->multidimensional_replace( $root, $this->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value'] = $root; return $this->set_root_value( $root ); } } else { /** * Fires when the WP_Customize_Setting::update() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the type of setting. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_update_{$this->type}", $value, $this ); return has_action( "customize_update_{$this->type}" ); } } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_theme_mod() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_option() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Fetch the value of the setting. * * @since 3.4.0 * * @return mixed The value. */ public function value() { $id_base = $this->id_data['base']; $is_core_type = ( 'option' === $this->type || 'theme_mod' === $this->type ); if ( ! $is_core_type && ! $this->is_multidimensional_aggregated ) { // Use post value if previewed and a post value is present. if ( $this->is_previewed ) { $value = $this->post_value( null ); if ( null !== $value ) { return $value; } } $value = $this->get_root_value( $this->default ); /** * Filters a Customize setting value not handled as a theme_mod or option. * * The dynamic portion of the hook name, `$id_base`, refers to * the base slug of the setting name, initialized from `$this->id_data['base']`. * * For settings handled as theme_mods or options, see those corresponding * functions for available hooks. * * @since 3.4.0 * @since 4.6.0 Added the `$this` setting instance as the second parameter. * * @param mixed $default_value The setting default value. Default empty. * @param WP_Customize_Setting $setting The setting instance. */ $value = apply_filters( "customize_value_{$id_base}", $value, $this ); } elseif ( $this->is_multidimensional_aggregated ) { $root_value = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root_value, $this->id_data['keys'], $this->default ); // Ensure that the post value is used if the setting is previewed, since preview filters aren't applying on cached $root_value. if ( $this->is_previewed ) { $value = $this->post_value( $value ); } } else { $value = $this->get_root_value( $this->default ); } return $value; } /** * Sanitize the setting's value for use in JavaScript. * * @since 3.4.0 * * @return mixed The requested escaped value. */ public function js_value() { /** * Filters a Customize setting value for use in JavaScript. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param mixed $value The setting value. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $value = apply_filters( "customize_sanitize_js_{$this->id}", $this->value(), $this ); if ( is_string( $value ) ) { return html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } return $value; } /** * Retrieves the data to export to the client via JSON. * * @since 4.6.0 * * @return array Array of parameters passed to JavaScript. */ public function json() { return array( 'value' => $this->js_value(), 'transport' => $this->transport, 'dirty' => $this->dirty, 'type' => $this->type, ); } /** * Validate user capabilities whether the theme supports the setting. * * @since 3.4.0 * * @return bool False if theme doesn't support the setting or user can't change setting, otherwise true. */ final public function check_capabilities() { if ( $this->capability && ! current_user_can( $this->capability ) ) { return false; } if ( $this->theme_supports && ! current_theme_supports( ...(array) $this->theme_supports ) ) { return false; } return true; } /** * Multidimensional helper function. * * @since 3.4.0 * * @param array $root * @param array $keys * @param bool $create Default false. * @return array|void Keys are 'root', 'node', and 'key'. */ final protected function multidimensional( &$root, $keys, $create = false ) { if ( $create && empty( $root ) ) { $root = array(); } if ( ! isset( $root ) || empty( $keys ) ) { return; } $last = array_pop( $keys ); $node = &$root; foreach ( $keys as $key ) { if ( $create && ! isset( $node[ $key ] ) ) { $node[ $key ] = array(); } if ( ! is_array( $node ) || ! isset( $node[ $key ] ) ) { return; } $node = &$node[ $key ]; } if ( $create ) { if ( ! is_array( $node ) ) { // Account for an array overriding a string or object value. $node = array(); } if ( ! isset( $node[ $last ] ) ) { $node[ $last ] = array(); } } if ( ! isset( $node[ $last ] ) ) { return; } return array( 'root' => &$root, 'node' => &$node, 'key' => $last, ); } /** * Will attempt to replace a specific value in a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $value The value to update. * @return mixed */ final protected function multidimensional_replace( $root, $keys, $value ) { if ( ! isset( $value ) ) { return $root; } elseif ( empty( $keys ) ) { // If there are no keys, we're replacing the root. return $value; } $result = $this->multidimensional( $root, $keys, true ); if ( isset( $result ) ) { $result['node'][ $result['key'] ] = $value; } return $root; } /** * Will attempt to fetch a specific value from a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The requested value or the default value. */ final protected function multidimensional_get( $root, $keys, $default_value = null ) { if ( empty( $keys ) ) { // If there are no keys, test the root. return isset( $root ) ? $root : $default_value; } $result = $this->multidimensional( $root, $keys ); return isset( $result ) ? $result['node'][ $result['key'] ] : $default_value; } /** * Will attempt to check if a specific value in a multidimensional array is set. * * @since 3.4.0 * * @param array $root * @param array $keys * @return bool True if value is set, false if not. */ final protected function multidimensional_isset( $root, $keys ) { $result = $this->multidimensional_get( $root, $keys ); return isset( $result ); } } /** * WP_Customize_Filter_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; /** * WP_Customize_Header_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; /** * WP_Customize_Background_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; /** * WP_Customize_Nav_Menu_Item_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; /** * WP_Customize_Nav_Menu_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; HTTP/https-detection-20260605174608-20260607095849.php 0000666 00000013341 15226703613 0014170 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606092326-20260609073838.php 0000666 00000013341 15226703613 0014161 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605091018.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605134451-20260608101926.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605133523.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605092359.php 0000666 00000011205 15226703613 0012573 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605070331-20260615081003.php 0000666 00000011205 15226703613 0014134 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605172137.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606015806-20260607002144.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-20260605083950.php 0000666 00000121142 15226703613 0012147 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/script-loader-20260605081945.php 0000666 00000465210 15226703613 0012222 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/class-wp-theme-json-20260605063823.php 0000666 00000500773 15226703613 0013251 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/https-migration-20260605221623.php 0000666 00000011205 15226703613 0012557 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606072111.php 0000666 00000013341 15226703613 0012544 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606074142-20260608045956.php 0000666 00000011205 15226703613 0014164 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606042005-20260607152000.php 0000666 00000011205 15226703613 0014127 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605090746-20260608165451.php 0000666 00000013341 15226703613 0014154 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605213309.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606030233-20260608135023.php 0000666 00000011205 15226703613 0014136 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-customize-setting-20260605041352.php 0000666 00000072412 15226703613 0014660 0 ustar 00 <?php /** * WordPress Customize Setting classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Setting class. * * Handles saving and sanitizing of settings. * * @since 3.4.0 * * @see WP_Customize_Manager * @link https://developer.wordpress.org/themes/customize-api */ #[AllowDynamicProperties] class WP_Customize_Setting { /** * Customizer bootstrap instance. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Unique string identifier for the setting. * * @since 3.4.0 * @var string */ public $id; /** * Type of customize settings. * * @since 3.4.0 * @var string */ public $type = 'theme_mod'; /** * Capability required to edit this setting. * * @since 3.4.0 * @var string|array */ public $capability = 'edit_theme_options'; /** * Theme features required to support the setting. * * @since 3.4.0 * @var string|string[] */ public $theme_supports = ''; /** * The default value for the setting. * * @since 3.4.0 * @var string */ public $default = ''; /** * Options for rendering the live preview of changes in Customizer. * * Set this value to 'postMessage' to enable a custom JavaScript handler to render changes to this setting * as opposed to reloading the whole page. * * @since 3.4.0 * @var string */ public $transport = 'refresh'; /** * Server-side validation callback for the setting's value. * * @since 4.6.0 * @var callable */ public $validate_callback = ''; /** * Callback to filter a Customize setting value in un-slashed form. * * @since 3.4.0 * @var callable */ public $sanitize_callback = ''; /** * Callback to convert a Customize PHP setting value to a value that is JSON serializable. * * @since 3.4.0 * @var callable */ public $sanitize_js_callback = ''; /** * Whether or not the setting is initially dirty when created. * * This is used to ensure that a setting will be sent from the pane to the * preview when loading the Customizer. Normally a setting only is synced to * the preview if it has been changed. This allows the setting to be sent * from the start. * * @since 4.2.0 * @var bool */ public $dirty = false; /** * ID Data. * * @since 3.4.0 * @var array */ protected $id_data = array(); /** * Whether or not preview() was called. * * @since 4.4.0 * @var bool */ protected $is_previewed = false; /** * Cache of multidimensional values to improve performance. * * @since 4.4.0 * @var array */ protected static $aggregated_multidimensionals = array(); /** * Whether the multidimensional setting is aggregated. * * @since 4.4.0 * @var bool */ protected $is_multidimensional_aggregated = false; /** * Constructor. * * Any supplied $args override class property defaults. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id A specific ID of the setting. * Can be a theme mod or option name. * @param array $args { * Optional. Array of properties for the new Setting object. Default empty array. * * @type string $type Type of the setting. Default 'theme_mod'. * @type string $capability Capability required for the setting. Default 'edit_theme_options' * @type string|string[] $theme_supports Theme features required to support the panel. Default is none. * @type string $default Default value for the setting. Default is empty string. * @type string $transport Options for rendering the live preview of changes in Customizer. * Using 'refresh' makes the change visible by reloading the whole preview. * Using 'postMessage' allows a custom JavaScript to handle live changes. * Default is 'refresh'. * @type callable $validate_callback Server-side validation callback for the setting's value. * @type callable $sanitize_callback Callback to filter a Customize setting value in un-slashed form. * @type callable $sanitize_js_callback Callback to convert a Customize PHP setting value to a value that is * JSON serializable. * @type bool $dirty Whether or not the setting is initially dirty when created. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; // Parse the ID for array keys. $this->id_data['keys'] = preg_split( '/\[/', str_replace( ']', '', $this->id ) ); $this->id_data['base'] = array_shift( $this->id_data['keys'] ); // Rebuild the ID. $this->id = $this->id_data['base']; if ( ! empty( $this->id_data['keys'] ) ) { $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']'; } if ( $this->validate_callback ) { add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 ); } if ( $this->sanitize_callback ) { add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2 ); } if ( $this->sanitize_js_callback ) { add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 ); } if ( 'option' === $this->type || 'theme_mod' === $this->type ) { // Other setting types can opt-in to aggregate multidimensional explicitly. $this->aggregate_multidimensional(); // Allow option settings to indicate whether they should be autoloaded. if ( 'option' === $this->type && isset( $args['autoload'] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] = $args['autoload']; } } } /** * Get parsed ID data for multidimensional setting. * * @since 4.4.0 * * @return array { * ID data for multidimensional setting. * * @type string $base ID base * @type array $keys Keys for multidimensional array. * } */ final public function id_data() { return $this->id_data; } /** * Set up the setting for aggregated multidimensional values. * * When a multidimensional setting gets aggregated, all of its preview and update * calls get combined into one call, greatly improving performance. * * @since 4.4.0 */ protected function aggregate_multidimensional() { $id_base = $this->id_data['base']; if ( ! isset( self::$aggregated_multidimensionals[ $this->type ] ) ) { self::$aggregated_multidimensionals[ $this->type ] = array(); } if ( ! isset( self::$aggregated_multidimensionals[ $this->type ][ $id_base ] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $id_base ] = array( 'previewed_instances' => array(), // Calling preview() will add the $setting to the array. 'preview_applied_instances' => array(), // Flags for which settings have had their values applied. 'root_value' => $this->get_root_value( array() ), // Root value for initial state, manipulated by preview and update calls. ); } if ( ! empty( $this->id_data['keys'] ) ) { // Note the preview-applied flag is cleared at priority 9 to ensure it is cleared before a deferred-preview runs. add_action( "customize_post_value_set_{$this->id}", array( $this, '_clear_aggregated_multidimensional_preview_applied_flag' ), 9 ); $this->is_multidimensional_aggregated = true; } } /** * Reset `$aggregated_multidimensionals` static variable. * * This is intended only for use by unit tests. * * @since 4.5.0 * @ignore */ public static function reset_aggregated_multidimensionals() { self::$aggregated_multidimensionals = array(); } /** * The ID for the current site when the preview() method was called. * * @since 4.2.0 * @var int */ protected $_previewed_blog_id; /** * Return true if the current site is not the same as the previewed site. * * @since 4.2.0 * * @return bool If preview() has been called. */ public function is_current_blog_previewed() { if ( ! isset( $this->_previewed_blog_id ) ) { return false; } return ( get_current_blog_id() === $this->_previewed_blog_id ); } /** * Original non-previewed value stored by the preview method. * * @see WP_Customize_Setting::preview() * @since 4.1.1 * @var mixed */ protected $_original_value; /** * Add filters to supply the setting's value when accessed. * * If the setting already has a pre-existing value and there is no incoming * post value for the setting, then this method will short-circuit since * there is no change to preview. * * @since 3.4.0 * @since 4.4.0 Added boolean return value. * * @return bool False when preview short-circuits due no change needing to be previewed. */ public function preview() { if ( ! isset( $this->_previewed_blog_id ) ) { $this->_previewed_blog_id = get_current_blog_id(); } // Prevent re-previewing an already-previewed setting. if ( $this->is_previewed ) { return true; } $id_base = $this->id_data['base']; $is_multidimensional = ! empty( $this->id_data['keys'] ); $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); /* * Check if the setting has a pre-existing value (an isset check), * and if doesn't have any incoming post value. If both checks are true, * then the preview short-circuits because there is nothing that needs * to be previewed. */ $undefined = new stdClass(); $needs_preview = ( $undefined !== $this->post_value( $undefined ) ); $value = null; // Since no post value was defined, check if we have an initial value set. if ( ! $needs_preview ) { if ( $this->is_multidimensional_aggregated ) { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root, $this->id_data['keys'], $undefined ); } else { $default = $this->default; $this->default = $undefined; // Temporarily set default to undefined so we can detect if existing value is set. $value = $this->value(); $this->default = $default; } $needs_preview = ( $undefined === $value ); // Because the default needs to be supplied. } // If the setting does not need previewing now, defer to when it has a value to preview. if ( ! $needs_preview ) { if ( ! has_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ) ) { add_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ); } return false; } switch ( $this->type ) { case 'theme_mod': if ( ! $is_multidimensional ) { add_filter( "theme_mod_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add this filter once for this ID base. add_filter( "theme_mod_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; case 'option': if ( ! $is_multidimensional ) { add_filter( "pre_option_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add these filters once for this ID base. add_filter( "option_{$id_base}", $multidimensional_filter ); add_filter( "default_option_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; default: /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->id}", $this ); /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the setting type. * * @since 4.1.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->type}", $this ); } $this->is_previewed = true; return true; } /** * Clear out the previewed-applied flag for a multidimensional-aggregated value whenever its post value is updated. * * This ensures that the new value will get sanitized and used the next time * that `WP_Customize_Setting::_multidimensional_preview_filter()` * is called for this setting. * * @since 4.4.0 * * @see WP_Customize_Manager::set_post_value() * @see WP_Customize_Setting::_multidimensional_preview_filter() */ final public function _clear_aggregated_multidimensional_preview_applied_flag() { unset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['preview_applied_instances'][ $this->id ] ); } /** * Callback function to filter non-multidimensional theme mods and options. * * If switch_to_blog() was called after the preview() method, and the current * site is now not the same site, then this method does a no-op and returns * the original value. * * @since 3.4.0 * * @param mixed $original Old value. * @return mixed New or old value. */ public function _preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $undefined = new stdClass(); // Symbol hack. $post_value = $this->post_value( $undefined ); if ( $undefined !== $post_value ) { $value = $post_value; } else { /* * Note that we don't use $original here because preview() will * not add the filter in the first place if it has an initial value * and there is no post value. */ $value = $this->default; } return $value; } /** * Callback function to filter multidimensional theme mods and options. * * For all multidimensional settings of a given type, the preview filter for * the first setting previewed will be used to apply the values for the others. * * @since 4.4.0 * * @see WP_Customize_Setting::$aggregated_multidimensionals * @param mixed $original Original root value. * @return mixed New or old value. */ final public function _multidimensional_preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $id_base = $this->id_data['base']; // If no settings have been previewed yet (which should not be the case, since $this is), just pass through the original value. if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { return $original; } foreach ( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] as $previewed_setting ) { // Skip applying previewed value for any settings that have already been applied. if ( ! empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] ) ) { continue; } // Do the replacements of the posted/default sub value into the root value. $value = $previewed_setting->post_value( $previewed_setting->default ); $root = self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value']; $root = $previewed_setting->multidimensional_replace( $root, $previewed_setting->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value'] = $root; // Mark this setting having been applied so that it will be skipped when the filter is called again. self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] = true; } return self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; } /** * Checks user capabilities and theme supports, and then saves * the value of the setting. * * @since 3.4.0 * * @return void|false Void on success, false if cap check fails * or value isn't set or is invalid. */ final public function save() { $value = $this->post_value(); if ( ! $this->check_capabilities() || ! isset( $value ) ) { return false; } $id_base = $this->id_data['base']; /** * Fires when the WP_Customize_Setting::save() method is called. * * The dynamic portion of the hook name, `$id_base` refers to * the base slug of the setting name. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_save_{$id_base}", $this ); $this->update( $value ); } /** * Fetch and sanitize the $_POST value for the setting. * * During a save request prior to save, post_value() provides the new value while value() does not. * * @since 3.4.0 * * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The default value on failure, otherwise the sanitized and validated value. */ final public function post_value( $default_value = null ) { return $this->manager->post_value( $this, $default_value ); } /** * Sanitize an input. * * @since 3.4.0 * * @param string|array $value The value to sanitize. * @return string|array|null|WP_Error Sanitized value, or `null`/`WP_Error` if invalid. */ public function sanitize( $value ) { /** * Filters a Customize setting value in un-slashed form. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } /** * Validates an input. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * * @param mixed $value Value to validate. * @return true|WP_Error True if the input was validated, otherwise WP_Error. */ public function validate( $value ) { if ( is_wp_error( $value ) ) { return $value; } if ( is_null( $value ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validity = new WP_Error(); /** * Validates a Customize setting value. * * Plugins should amend the `$validity` object via its `WP_Error::add()` method. * * The dynamic portion of the hook name, `$this->ID`, refers to the setting ID. * * @since 4.6.0 * * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $validity = apply_filters( "customize_validate_{$this->id}", $validity, $value, $this ); if ( is_wp_error( $validity ) && ! $validity->has_errors() ) { $validity = true; } return $validity; } /** * Get the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $default_value Value to return if root does not exist. * @return mixed */ protected function get_root_value( $default_value = null ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { return get_option( $id_base, $default_value ); } elseif ( 'theme_mod' === $this->type ) { return get_theme_mod( $id_base, $default_value ); } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return $default_value; } } /** * Set the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $value Value to set as root of multidimensional setting. * @return bool Whether the multidimensional root was updated successfully. */ protected function set_root_value( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { $autoload = true; if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; } return update_option( $id_base, $value, $autoload ); } elseif ( 'theme_mod' === $this->type ) { set_theme_mod( $id_base, $value ); return true; } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return false; } } /** * Save the value of the setting, using the related API. * * @since 3.4.0 * * @param mixed $value The value to update. * @return bool The result of saving the value. */ protected function update( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type || 'theme_mod' === $this->type ) { if ( ! $this->is_multidimensional_aggregated ) { return $this->set_root_value( $value ); } else { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $root = $this->multidimensional_replace( $root, $this->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value'] = $root; return $this->set_root_value( $root ); } } else { /** * Fires when the WP_Customize_Setting::update() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the type of setting. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_update_{$this->type}", $value, $this ); return has_action( "customize_update_{$this->type}" ); } } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_theme_mod() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_option() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Fetch the value of the setting. * * @since 3.4.0 * * @return mixed The value. */ public function value() { $id_base = $this->id_data['base']; $is_core_type = ( 'option' === $this->type || 'theme_mod' === $this->type ); if ( ! $is_core_type && ! $this->is_multidimensional_aggregated ) { // Use post value if previewed and a post value is present. if ( $this->is_previewed ) { $value = $this->post_value( null ); if ( null !== $value ) { return $value; } } $value = $this->get_root_value( $this->default ); /** * Filters a Customize setting value not handled as a theme_mod or option. * * The dynamic portion of the hook name, `$id_base`, refers to * the base slug of the setting name, initialized from `$this->id_data['base']`. * * For settings handled as theme_mods or options, see those corresponding * functions for available hooks. * * @since 3.4.0 * @since 4.6.0 Added the `$this` setting instance as the second parameter. * * @param mixed $default_value The setting default value. Default empty. * @param WP_Customize_Setting $setting The setting instance. */ $value = apply_filters( "customize_value_{$id_base}", $value, $this ); } elseif ( $this->is_multidimensional_aggregated ) { $root_value = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root_value, $this->id_data['keys'], $this->default ); // Ensure that the post value is used if the setting is previewed, since preview filters aren't applying on cached $root_value. if ( $this->is_previewed ) { $value = $this->post_value( $value ); } } else { $value = $this->get_root_value( $this->default ); } return $value; } /** * Sanitize the setting's value for use in JavaScript. * * @since 3.4.0 * * @return mixed The requested escaped value. */ public function js_value() { /** * Filters a Customize setting value for use in JavaScript. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param mixed $value The setting value. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $value = apply_filters( "customize_sanitize_js_{$this->id}", $this->value(), $this ); if ( is_string( $value ) ) { return html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } return $value; } /** * Retrieves the data to export to the client via JSON. * * @since 4.6.0 * * @return array Array of parameters passed to JavaScript. */ public function json() { return array( 'value' => $this->js_value(), 'transport' => $this->transport, 'dirty' => $this->dirty, 'type' => $this->type, ); } /** * Validate user capabilities whether the theme supports the setting. * * @since 3.4.0 * * @return bool False if theme doesn't support the setting or user can't change setting, otherwise true. */ final public function check_capabilities() { if ( $this->capability && ! current_user_can( $this->capability ) ) { return false; } if ( $this->theme_supports && ! current_theme_supports( ...(array) $this->theme_supports ) ) { return false; } return true; } /** * Multidimensional helper function. * * @since 3.4.0 * * @param array $root * @param array $keys * @param bool $create Default false. * @return array|void Keys are 'root', 'node', and 'key'. */ final protected function multidimensional( &$root, $keys, $create = false ) { if ( $create && empty( $root ) ) { $root = array(); } if ( ! isset( $root ) || empty( $keys ) ) { return; } $last = array_pop( $keys ); $node = &$root; foreach ( $keys as $key ) { if ( $create && ! isset( $node[ $key ] ) ) { $node[ $key ] = array(); } if ( ! is_array( $node ) || ! isset( $node[ $key ] ) ) { return; } $node = &$node[ $key ]; } if ( $create ) { if ( ! is_array( $node ) ) { // Account for an array overriding a string or object value. $node = array(); } if ( ! isset( $node[ $last ] ) ) { $node[ $last ] = array(); } } if ( ! isset( $node[ $last ] ) ) { return; } return array( 'root' => &$root, 'node' => &$node, 'key' => $last, ); } /** * Will attempt to replace a specific value in a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $value The value to update. * @return mixed */ final protected function multidimensional_replace( $root, $keys, $value ) { if ( ! isset( $value ) ) { return $root; } elseif ( empty( $keys ) ) { // If there are no keys, we're replacing the root. return $value; } $result = $this->multidimensional( $root, $keys, true ); if ( isset( $result ) ) { $result['node'][ $result['key'] ] = $value; } return $root; } /** * Will attempt to fetch a specific value from a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The requested value or the default value. */ final protected function multidimensional_get( $root, $keys, $default_value = null ) { if ( empty( $keys ) ) { // If there are no keys, test the root. return isset( $root ) ? $root : $default_value; } $result = $this->multidimensional( $root, $keys ); return isset( $result ) ? $result['node'][ $result['key'] ] : $default_value; } /** * Will attempt to check if a specific value in a multidimensional array is set. * * @since 3.4.0 * * @param array $root * @param array $keys * @return bool True if value is set, false if not. */ final protected function multidimensional_isset( $root, $keys ) { $result = $this->multidimensional_get( $root, $keys ); return isset( $result ); } } /** * WP_Customize_Filter_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; /** * WP_Customize_Header_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; /** * WP_Customize_Background_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; /** * WP_Customize_Nav_Menu_Item_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; /** * WP_Customize_Nav_Menu_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; HTTP/class-wp-http-encoding-20260605110904.php 0000666 00000015041 15226703613 0013721 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/https-detection-20260605023619-20260608050047.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172137-20260609123424.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605125547-20260606101745.php 0000666 00000013341 15226703613 0014144 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605222433-20260606143719.php 0000666 00000013341 15226703613 0014143 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606050704-20260606141321.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605183346.php 0000666 00000013341 15226703613 0012560 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/cache.php 0000666 00000032256 15226703613 0007120 0 ustar 00 <?php /** * Object Cache API * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ /** WP_Object_Cache class */ require_once ABSPATH . WPINC . '/class-wp-object-cache.php'; /** * Sets up Object Cache Global and assigns it. * * @since 2.0.0 * * @global WP_Object_Cache $wp_object_cache */ function wp_cache_init() { $GLOBALS['wp_object_cache'] = new WP_Object_Cache(); } /** * Adds data to the cache, if the cache key doesn't already exist. * * @since 2.0.0 * * @see WP_Object_Cache::add() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The data to add to the cache. * @param string $group Optional. The group to add the cache to. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When the cache data should expire, in seconds. * Default 0 (no expiration). * @return bool True on success, false if cache key and group already exist. */ function wp_cache_add( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add( $key, $data, $group, (int) $expire ); } /** * Adds multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::add_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add_multiple( $data, $group, (int) $expire ); } /** * Replaces the contents of the cache with new data. * * @since 2.0.0 * * @see WP_Object_Cache::replace() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache data that should be replaced. * @param mixed $data The new data to store in the cache. * @param string $group Optional. The group for the cache data that should be replaced. * Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True if contents were replaced, false if original value does not exist. */ function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->replace( $key, $data, $group, (int) $expire ); } /** * Saves the data to the cache. * * Differs from wp_cache_add() and wp_cache_replace() in that it will always write data. * * @since 2.0.0 * * @see WP_Object_Cache::set() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The contents to store in the cache. * @param string $group Optional. Where to group the cache contents. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set( $key, $data, $group, (int) $expire ); } /** * Sets multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::set_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set_multiple( $data, $group, (int) $expire ); } /** * Retrieves the cache contents from the cache by key and group. * * @since 2.0.0 * * @see WP_Object_Cache::get() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @param bool|null $found Optional. Whether the key was found in the cache (passed by reference). * Disambiguates a return of false, a storable value. Default null. * @return mixed|false The cache contents on success, false on failure to retrieve contents. */ function wp_cache_get( $key, $group = '', $force = false, &$found = null ) { global $wp_object_cache; return $wp_object_cache->get( $key, $group, $force, $found ); } /** * Retrieves multiple values from the cache in one call. * * @since 5.5.0 * * @see WP_Object_Cache::get_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { global $wp_object_cache; return $wp_object_cache->get_multiple( $keys, $group, $force ); } /** * Removes the cache contents matching key and group. * * @since 2.0.0 * * @see WP_Object_Cache::delete() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key What the contents in the cache are called. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool True on successful removal, false on failure. */ function wp_cache_delete( $key, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete( $key, $group ); } /** * Deletes multiple values from the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::delete_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete_multiple( $keys, $group ); } /** * Increments numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::incr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_incr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->incr( $key, $offset, $group ); } /** * Decrements numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::decr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to decrement. * @param int $offset Optional. The amount by which to decrement the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_decr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->decr( $key, $offset, $group ); } /** * Removes all cache items. * * @since 2.0.0 * * @see WP_Object_Cache::flush() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @return bool True on success, false on failure. */ function wp_cache_flush() { global $wp_object_cache; return $wp_object_cache->flush(); } /** * Removes all cache items from the in-memory runtime cache. * * @since 6.0.0 * * @see WP_Object_Cache::flush() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { return wp_cache_flush(); } /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; return $wp_object_cache->flush_group( $group ); } /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { switch ( $feature ) { case 'add_multiple': case 'set_multiple': case 'get_multiple': case 'delete_multiple': case 'flush_runtime': case 'flush_group': return true; default: return false; } } /** * Closes the cache. * * This function has ceased to do anything since WordPress 2.5. The * functionality was removed along with the rest of the persistent cache. * * This does not mean that plugins can't implement this function when they need * to make sure that the cache is cleaned up after WordPress no longer needs it. * * @since 2.0.0 * * @return true Always returns true. */ function wp_cache_close() { return true; } /** * Adds a group or set of groups to the list of global groups. * * @since 2.6.0 * * @see WP_Object_Cache::add_global_groups() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_global_groups( $groups ) { global $wp_object_cache; $wp_object_cache->add_global_groups( $groups ); } /** * Adds a group or set of groups to the list of non-persistent groups. * * @since 2.6.0 * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_non_persistent_groups( $groups ) { // Default cache doesn't persist so nothing to do here. } /** * Switches the internal blog ID. * * This changes the blog id used to create keys in blog specific groups. * * @since 3.5.0 * * @see WP_Object_Cache::switch_to_blog() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int $blog_id Site ID. */ function wp_cache_switch_to_blog( $blog_id ) { global $wp_object_cache; $wp_object_cache->switch_to_blog( $blog_id ); } /** * Resets internal cache keys and structures. * * If the cache back end uses global blog or site IDs as part of its cache keys, * this function instructs the back end to reset those keys and perform any cleanup * since blog or site IDs have changed since cache init. * * This function is deprecated. Use wp_cache_switch_to_blog() instead of this * function when preparing the cache for a blog switch. For clearing the cache * during unit tests, consider using wp_cache_init(). wp_cache_init() is not * recommended outside of unit tests as the performance penalty for using it is high. * * @since 3.0.0 * @deprecated 3.5.0 Use wp_cache_switch_to_blog() * @see WP_Object_Cache::reset() * * @global WP_Object_Cache $wp_object_cache Object cache global instance. */ function wp_cache_reset() { _deprecated_function( __FUNCTION__, '3.5.0', 'wp_cache_switch_to_blog()' ); global $wp_object_cache; $wp_object_cache->reset(); } HTTP/https-migration-20260605144206-20260606052925.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606022251-20260606052954.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605201901.php 0000666 00000013341 15226703613 0012544 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605172131-20260607140017.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606153048-20260608070418.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605234755-20260610120457.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr18Client-20260605041947.php 0000666 00000010537 15226703613 0011522 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/class-wp-http-proxy-20260605072729.php 0000666 00000013534 15226703613 0013335 0 ustar 00 <?php /** * HTTP API: WP_HTTP_Proxy class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement HTTP API proxy support. * * There are caveats to proxy support. It requires that defines be made in the wp-config.php file to * enable proxy support. There are also a few filters that plugins can hook into for some of the * constants. * * Please note that only BASIC authentication is supported by most transports. * cURL MAY support more methods (such as NTLM authentication) depending on your environment. * * The constants are as follows: * <ol> * <li>WP_PROXY_HOST - Enable proxy support and host for connecting.</li> * <li>WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li> * <li>WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li> * <li>WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li> * <li>WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy. * You do not need to have localhost and the site host in this list, because they will not be passed * through the proxy. The list should be presented in a comma separated list, wildcards using * are supported. Example: *.wordpress.org</li> * </ol> * * An example can be as seen below. * * define('WP_PROXY_HOST', '192.168.84.101'); * define('WP_PROXY_PORT', '8080'); * define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com, *.wordpress.org'); * * @link https://core.trac.wordpress.org/ticket/4011 Proxy support ticket in WordPress. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_PROXY_BYPASS_HOSTS * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_HTTP_Proxy { /** * Whether proxy connection should be used. * * Constants which control this behavior: * * - `WP_PROXY_HOST` * - `WP_PROXY_PORT` * * @since 2.8.0 * * @return bool */ public function is_enabled() { return defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ); } /** * Whether authentication should be used. * * Constants which control this behavior: * * - `WP_PROXY_USERNAME` * - `WP_PROXY_PASSWORD` * * @since 2.8.0 * * @return bool */ public function use_authentication() { return defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ); } /** * Retrieve the host for the proxy server. * * @since 2.8.0 * * @return string */ public function host() { if ( defined( 'WP_PROXY_HOST' ) ) { return WP_PROXY_HOST; } return ''; } /** * Retrieve the port for the proxy server. * * @since 2.8.0 * * @return string */ public function port() { if ( defined( 'WP_PROXY_PORT' ) ) { return WP_PROXY_PORT; } return ''; } /** * Retrieve the username for proxy authentication. * * @since 2.8.0 * * @return string */ public function username() { if ( defined( 'WP_PROXY_USERNAME' ) ) { return WP_PROXY_USERNAME; } return ''; } /** * Retrieve the password for proxy authentication. * * @since 2.8.0 * * @return string */ public function password() { if ( defined( 'WP_PROXY_PASSWORD' ) ) { return WP_PROXY_PASSWORD; } return ''; } /** * Retrieve authentication string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication() { return $this->username() . ':' . $this->password(); } /** * Retrieve header string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication_header() { return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() ); } /** * Determines whether the request should be sent through a proxy. * * We want to keep localhost and the site URL from being sent through the proxy, because * some proxies can not handle this. We also have the constant available for defining other * hosts that won't be sent through the proxy. * * @since 2.8.0 * * @param string $uri URL of the request. * @return bool Whether to send the request through the proxy. */ public function send_through_proxy( $uri ) { $check = parse_url( $uri ); // Malformed URL, can not process, but this could mean ssl, so let through anyway. if ( false === $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); /** * Filters whether to preempt sending the request through the proxy. * * Returning false will bypass the proxy; returning true will send * the request through the proxy. Returning null bypasses the filter. * * @since 3.5.0 * * @param bool|null $override Whether to send the request through the proxy. Default null. * @param string $uri URL of the request. * @param array $check Associative array result of parsing the request URL with `parse_url()`. * @param array $home Associative array result of parsing the site URL with `parse_url()`. */ $result = apply_filters( 'pre_http_send_through_proxy', null, $uri, $check, $home ); if ( ! is_null( $result ) ) { return $result; } if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { return false; } if ( ! defined( 'WP_PROXY_BYPASS_HOSTS' ) ) { return true; } static $bypass_hosts = null; static $wildcard_regex = array(); if ( null === $bypass_hosts ) { $bypass_hosts = preg_split( '|,\s*|', WP_PROXY_BYPASS_HOSTS ); if ( str_contains( WP_PROXY_BYPASS_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $bypass_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $bypass_hosts, true ); } } } HTTP/class-wp-customize-widgets-20260605053434.php 0000666 00000215637 15226703613 0014665 0 ustar 00 <?php /** * WordPress Customize Widgets classes * * @package WordPress * @subpackage Customize * @since 3.9.0 */ /** * Customize Widgets class. * * Implements widget management in the Customizer. * * @since 3.9.0 * * @see WP_Customize_Manager */ #[AllowDynamicProperties] final class WP_Customize_Widgets { /** * WP_Customize_Manager instance. * * @since 3.9.0 * @var WP_Customize_Manager */ public $manager; /** * All id_bases for widgets defined in core. * * @since 3.9.0 * @var array */ protected $core_widget_id_bases = array( 'archives', 'calendar', 'categories', 'custom_html', 'links', 'media_audio', 'media_image', 'media_video', 'meta', 'nav_menu', 'pages', 'recent-comments', 'recent-posts', 'rss', 'search', 'tag_cloud', 'text', ); /** * @since 3.9.0 * @var array */ protected $rendered_sidebars = array(); /** * @since 3.9.0 * @var array */ protected $rendered_widgets = array(); /** * @since 3.9.0 * @var array */ protected $old_sidebars_widgets = array(); /** * Mapping of widget ID base to whether it supports selective refresh. * * @since 4.5.0 * @var array */ protected $selective_refreshable_widgets; /** * Mapping of setting type to setting ID pattern. * * @since 4.2.0 * @var array */ protected $setting_id_patterns = array( 'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/', 'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/', ); /** * Initial loader. * * @since 3.9.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. */ public function __construct( $manager ) { $this->manager = $manager; // See https://github.com/xwp/wp-customize-snapshots/blob/962586659688a5b1fd9ae93618b7ce2d4e7a421c/php/class-customize-snapshot-manager.php#L420-L449 add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 ); add_action( 'widgets_init', array( $this, 'register_settings' ), 95 ); add_action( 'customize_register', array( $this, 'schedule_customize_register' ), 1 ); // Skip remaining hooks when the user can't manage widgets anyway. if ( ! current_user_can( 'edit_theme_options' ) ) { return; } add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) ); add_action( 'customize_controls_init', array( $this, 'customize_controls_init' ) ); add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); add_action( 'customize_controls_print_styles', array( $this, 'print_styles' ) ); add_action( 'customize_controls_print_scripts', array( $this, 'print_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) ); add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) ); add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); add_filter( 'should_load_block_editor_scripts_and_styles', array( $this, 'should_load_block_editor_scripts_and_styles' ) ); add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) ); add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 ); add_filter( 'dynamic_sidebar_has_widgets', array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 ); // Selective Refresh. add_filter( 'customize_dynamic_partial_args', array( $this, 'customize_dynamic_partial_args' ), 10, 2 ); add_action( 'customize_preview_init', array( $this, 'selective_refresh_init' ) ); } /** * List whether each registered widget can be use selective refresh. * * If the theme does not support the customize-selective-refresh-widgets feature, * then this will always return an empty array. * * @since 4.5.0 * * @global WP_Widget_Factory $wp_widget_factory * * @return array Mapping of id_base to support. If theme doesn't support * selective refresh, an empty array is returned. */ public function get_selective_refreshable_widgets() { global $wp_widget_factory; if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return array(); } if ( ! isset( $this->selective_refreshable_widgets ) ) { $this->selective_refreshable_widgets = array(); foreach ( $wp_widget_factory->widgets as $wp_widget ) { $this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] ); } } return $this->selective_refreshable_widgets; } /** * Determines if a widget supports selective refresh. * * @since 4.5.0 * * @param string $id_base Widget ID Base. * @return bool Whether the widget can be selective refreshed. */ public function is_widget_selective_refreshable( $id_base ) { $selective_refreshable_widgets = $this->get_selective_refreshable_widgets(); return ! empty( $selective_refreshable_widgets[ $id_base ] ); } /** * Retrieves the widget setting type given a setting ID. * * @since 4.2.0 * * @param string $setting_id Setting ID. * @return string|void Setting type. */ protected function get_setting_type( $setting_id ) { static $cache = array(); if ( isset( $cache[ $setting_id ] ) ) { return $cache[ $setting_id ]; } foreach ( $this->setting_id_patterns as $type => $pattern ) { if ( preg_match( $pattern, $setting_id ) ) { $cache[ $setting_id ] = $type; return $type; } } } /** * Inspects the incoming customized data for any widget settings, and dynamically adds * them up-front so widgets will be initialized properly. * * @since 4.2.0 */ public function register_settings() { $widget_setting_ids = array(); $incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() ); foreach ( $incoming_setting_ids as $setting_id ) { if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) { $widget_setting_ids[] = $setting_id; } } if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) { $widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) ); } $settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) ); if ( $this->manager->settings_previewed() ) { foreach ( $settings as $setting ) { $setting->preview(); } } } /** * Determines the arguments for a dynamically-created setting. * * @since 4.2.0 * * @param false|array $args The arguments to the WP_Customize_Setting constructor. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. * @return array|false Setting arguments, false otherwise. */ public function filter_customize_dynamic_setting_args( $args, $setting_id ) { if ( $this->get_setting_type( $setting_id ) ) { $args = $this->get_setting_args( $setting_id ); } return $args; } /** * Retrieves an unslashed post value or return a default. * * @since 3.9.0 * * @param string $name Post value. * @param mixed $default_value Default post value. * @return mixed Unslashed post value or default value. */ protected function get_post_value( $name, $default_value = null ) { if ( ! isset( $_POST[ $name ] ) ) { return $default_value; } return wp_unslash( $_POST[ $name ] ); } /** * Override sidebars_widgets for theme switch. * * When switching a theme via the Customizer, supply any previously-configured * sidebars_widgets from the target theme as the initial sidebars_widgets * setting. Also store the old theme's existing settings so that they can * be passed along for storing in the sidebars_widgets theme_mod when the * theme gets switched. * * @since 3.9.0 * * @global array $sidebars_widgets * @global array $_wp_sidebars_widgets */ public function override_sidebars_widgets_for_theme_switch() { global $sidebars_widgets; if ( $this->manager->doing_ajax() || $this->manager->is_theme_active() ) { return; } $this->old_sidebars_widgets = wp_get_sidebars_widgets(); add_filter( 'customize_value_old_sidebars_widgets_data', array( $this, 'filter_customize_value_old_sidebars_widgets_data' ) ); $this->manager->set_post_value( 'old_sidebars_widgets_data', $this->old_sidebars_widgets ); // Override any value cached in changeset. // retrieve_widgets() looks at the global $sidebars_widgets. $sidebars_widgets = $this->old_sidebars_widgets; $sidebars_widgets = retrieve_widgets( 'customize' ); add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 ); // Reset global cache var used by wp_get_sidebars_widgets(). unset( $GLOBALS['_wp_sidebars_widgets'] ); } /** * Filters old_sidebars_widgets_data Customizer setting. * * When switching themes, filter the Customizer setting old_sidebars_widgets_data * to supply initial $sidebars_widgets before they were overridden by retrieve_widgets(). * The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets * theme_mod. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * * @param array $old_sidebars_widgets * @return array */ public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) { return $this->old_sidebars_widgets; } /** * Filters sidebars_widgets option for theme switch. * * When switching themes, the retrieve_widgets() function is run when the Customizer initializes, * and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets * option. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * @global array $sidebars_widgets * * @param array $sidebars_widgets * @return array */ public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) { $sidebars_widgets = $GLOBALS['sidebars_widgets']; $sidebars_widgets['array_version'] = 3; return $sidebars_widgets; } /** * Ensures all widgets get loaded into the Customizer. * * Note: these actions are also fired in wp_ajax_update_widget(). * * @since 3.9.0 */ public function customize_controls_init() { /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); } /** * Ensures widgets are available for all types of previews. * * When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded * so that all filters have been initialized (e.g. Widget Visibility). * * @since 3.9.0 */ public function schedule_customize_register() { if ( is_admin() ) { $this->customize_register(); } else { add_action( 'wp', array( $this, 'customize_register' ) ); } } /** * Registers Customizer settings and controls for all sidebars and widgets. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * @global array $wp_registered_sidebars */ public function customize_register() { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars; $use_widgets_block_editor = wp_use_widgets_block_editor(); add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 ); $sidebars_widgets = array_merge( array( 'wp_inactive_widgets' => array() ), array_fill_keys( array_keys( $wp_registered_sidebars ), array() ), wp_get_sidebars_widgets() ); $new_setting_ids = array(); /* * Register a setting for all widgets, including those which are active, * inactive, and orphaned since a widget may get suppressed from a sidebar * via a plugin (like Widget Visibility). */ foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) { $setting_id = $this->get_setting_id( $widget_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; } /* * Add a setting which will be supplied for the theme's sidebars_widgets * theme_mod when the theme is switched. */ if ( ! $this->manager->is_theme_active() ) { $setting_id = 'old_sidebars_widgets_data'; $setting_args = $this->get_setting_args( $setting_id, array( 'type' => 'global_variable', 'dirty' => true, ) ); $this->manager->add_setting( $setting_id, $setting_args ); } $this->manager->add_panel( 'widgets', array( 'type' => 'widgets', 'title' => __( 'Widgets' ), 'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ), 'priority' => 110, 'active_callback' => array( $this, 'is_panel_active' ), 'auto_expand_sole_section' => true, 'theme_supports' => 'widgets', ) ); foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) { if ( empty( $sidebar_widget_ids ) ) { $sidebar_widget_ids = array(); } $is_registered_sidebar = is_registered_sidebar( $sidebar_id ); $is_inactive_widgets = ( 'wp_inactive_widgets' === $sidebar_id ); $is_active_sidebar = ( $is_registered_sidebar && ! $is_inactive_widgets ); // Add setting for managing the sidebar's widgets. if ( $is_registered_sidebar || $is_inactive_widgets ) { $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { if ( ! $this->manager->is_theme_active() ) { $setting_args['dirty'] = true; } $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; // Add section to contain controls. $section_id = sprintf( 'sidebar-widgets-%s', $sidebar_id ); if ( $is_active_sidebar ) { $section_args = array( 'title' => $wp_registered_sidebars[ $sidebar_id ]['name'], 'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ), true ), 'panel' => 'widgets', 'sidebar_id' => $sidebar_id, ); if ( $use_widgets_block_editor ) { $section_args['description'] = ''; } else { $section_args['description'] = $wp_registered_sidebars[ $sidebar_id ]['description']; } /** * Filters Customizer widget section arguments for a given sidebar. * * @since 3.9.0 * * @param array $section_args Array of Customizer widget section arguments. * @param string $section_id Customizer section ID. * @param int|string $sidebar_id Sidebar ID. */ $section_args = apply_filters( 'customizer_widgets_section_args', $section_args, $section_id, $sidebar_id ); $section = new WP_Customize_Sidebar_Section( $this->manager, $section_id, $section_args ); $this->manager->add_section( $section ); if ( $use_widgets_block_editor ) { $control = new WP_Sidebar_Block_Editor_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'label' => $section_args['title'], 'description' => $section_args['description'], ) ); } else { $control = new WP_Widget_Area_Customize_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'priority' => count( $sidebar_widget_ids ), // place 'Add Widget' and 'Reorder' buttons at end. ) ); } $this->manager->add_control( $control ); $new_setting_ids[] = $setting_id; } } if ( ! $use_widgets_block_editor ) { // Add a control for each active widget (located in a sidebar). foreach ( $sidebar_widget_ids as $i => $widget_id ) { // Skip widgets that may have gone away due to a plugin being deactivated. if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[ $widget_id ] ) ) { continue; } $registered_widget = $wp_registered_widgets[ $widget_id ]; $setting_id = $this->get_setting_id( $widget_id ); $id_base = $wp_registered_widget_controls[ $widget_id ]['id_base']; $control = new WP_Widget_Form_Customize_Control( $this->manager, $setting_id, array( 'label' => $registered_widget['name'], 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'widget_id' => $widget_id, 'widget_id_base' => $id_base, 'priority' => $i, 'width' => $wp_registered_widget_controls[ $widget_id ]['width'], 'height' => $wp_registered_widget_controls[ $widget_id ]['height'], 'is_wide' => $this->is_wide_widget( $widget_id ), ) ); $this->manager->add_control( $control ); } } } if ( $this->manager->settings_previewed() ) { foreach ( $new_setting_ids as $new_setting_id ) { $this->manager->get_setting( $new_setting_id )->preview(); } } } /** * Determines whether the widgets panel is active, based on whether there are sidebars registered. * * @since 4.4.0 * * @see WP_Customize_Panel::$active_callback * * @global array $wp_registered_sidebars * * @return bool Active. */ public function is_panel_active() { global $wp_registered_sidebars; return ! empty( $wp_registered_sidebars ); } /** * Converts a widget_id into its corresponding Customizer setting ID (option name). * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return string Maybe-parsed widget ID. */ public function get_setting_id( $widget_id ) { $parsed_widget_id = $this->parse_widget_id( $widget_id ); $setting_id = sprintf( 'widget_%s', $parsed_widget_id['id_base'] ); if ( ! is_null( $parsed_widget_id['number'] ) ) { $setting_id .= sprintf( '[%d]', $parsed_widget_id['number'] ); } return $setting_id; } /** * Determines whether the widget is considered "wide". * * Core widgets which may have controls wider than 250, but can still be shown * in the narrow Customizer panel. The RSS and Text widgets in Core, for example, * have widths of 400 and yet they still render fine in the Customizer panel. * * This method will return all Core widgets as being not wide, but this can be * overridden with the {@see 'is_wide_widget_in_customizer'} filter. * * @since 3.9.0 * * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return bool Whether or not the widget is a "wide" widget. */ public function is_wide_widget( $widget_id ) { global $wp_registered_widget_controls; $parsed_widget_id = $this->parse_widget_id( $widget_id ); $width = $wp_registered_widget_controls[ $widget_id ]['width']; $is_core = in_array( $parsed_widget_id['id_base'], $this->core_widget_id_bases, true ); $is_wide = ( $width > 250 && ! $is_core ); /** * Filters whether the given widget is considered "wide". * * @since 3.9.0 * * @param bool $is_wide Whether the widget is wide, Default false. * @param string $widget_id Widget ID. */ return apply_filters( 'is_wide_widget_in_customizer', $is_wide, $widget_id ); } /** * Converts a widget ID into its id_base and number components. * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return array Array containing a widget's id_base and number components. */ public function parse_widget_id( $widget_id ) { $parsed = array( 'number' => null, 'id_base' => null, ); if ( preg_match( '/^(.+)-(\d+)$/', $widget_id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $widget_id; } return $parsed; } /** * Converts a widget setting ID (option path) to its id_base and number components. * * @since 3.9.0 * * @param string $setting_id Widget setting ID. * @return array|WP_Error Array containing a widget's id_base and number components, * or a WP_Error object. */ public function parse_widget_setting_id( $setting_id ) { if ( ! preg_match( '/^(widget_(.+?))(?:\[(\d+)\])?$/', $setting_id, $matches ) ) { return new WP_Error( 'widget_setting_invalid_id' ); } $id_base = $matches[2]; $number = isset( $matches[3] ) ? (int) $matches[3] : null; return compact( 'id_base', 'number' ); } /** * Calls admin_print_styles-widgets.php and admin_print_styles hooks to * allow custom styles from plugins. * * @since 3.9.0 */ public function print_styles() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles' ); } /** * Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_scripts() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts' ); } /** * Enqueues scripts and styles for Customizer panel and export data to JavaScript. * * @since 3.9.0 * * @global WP_Scripts $wp_scripts * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function enqueue_scripts() { global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets; wp_enqueue_style( 'customize-widgets' ); wp_enqueue_script( 'customize-widgets' ); /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_enqueue_scripts', 'widgets.php' ); /* * Export available widgets with control_tpl removed from model * since plugins need templates to be in the DOM. */ $available_widgets = array(); foreach ( $this->get_available_widgets() as $available_widget ) { unset( $available_widget['control_tpl'] ); $available_widgets[] = $available_widget; } $widget_reorder_nav_tpl = sprintf( '<div class="widget-reorder-nav"><span class="move-widget" tabindex="0">%1$s</span><span class="move-widget-down" tabindex="0">%2$s</span><span class="move-widget-up" tabindex="0">%3$s</span></div>', __( 'Move to another area…' ), __( 'Move down' ), __( 'Move up' ) ); $move_widget_area_tpl = str_replace( array( '{description}', '{btn}' ), array( __( 'Select an area to move this widget into:' ), _x( 'Move', 'Move widget' ), ), '<div class="move-widget-area"> <p class="description">{description}</p> <ul class="widget-area-select"> <% _.each( sidebars, function ( sidebar ){ %> <li class="" data-id="<%- sidebar.id %>" tabindex="0"> <div><strong><%- sidebar.name %></strong></div> <div><%- sidebar.description %></div> </li> <% }); %> </ul> <div class="move-widget-actions"> <button class="move-widget-btn button" type="button">{btn}</button> </div> </div>' ); /* * Gather all strings in PHP that may be needed by JS on the client. * Once JS i18n is implemented (in #20491), this can be removed. */ $some_non_rendered_areas_messages = array(); $some_non_rendered_areas_messages[1] = html_entity_decode( __( 'Your theme has 1 other widget area, but this particular page does not display it.' ), ENT_QUOTES, get_bloginfo( 'charset' ) ); $registered_sidebar_count = count( $wp_registered_sidebars ); for ( $non_rendered_count = 2; $non_rendered_count < $registered_sidebar_count; $non_rendered_count++ ) { $some_non_rendered_areas_messages[ $non_rendered_count ] = html_entity_decode( sprintf( /* translators: %s: The number of other widget areas registered but not rendered. */ _n( 'Your theme has %s other widget area, but this particular page does not display it.', 'Your theme has %s other widget areas, but this particular page does not display them.', $non_rendered_count ), number_format_i18n( $non_rendered_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( 1 === $registered_sidebar_count ) { $no_areas_shown_message = html_entity_decode( sprintf( __( 'Your theme has 1 widget area, but this particular page does not display it.' ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } else { $no_areas_shown_message = html_entity_decode( sprintf( /* translators: %s: The total number of widget areas registered. */ _n( 'Your theme has %s widget area, but this particular page does not display it.', 'Your theme has %s widget areas, but this particular page does not display them.', $registered_sidebar_count ), number_format_i18n( $registered_sidebar_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } $settings = array( 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'availableWidgets' => $available_widgets, // @todo Merge this with registered_widgets. 'l10n' => array( 'saveBtnLabel' => __( 'Apply' ), 'saveBtnTooltip' => __( 'Save and preview changes before publishing them.' ), 'removeBtnLabel' => __( 'Remove' ), 'removeBtnTooltip' => __( 'Keep widget settings and move it to the inactive widgets' ), 'error' => __( 'An error has occurred. Please reload the page and try again.' ), 'widgetMovedUp' => __( 'Widget moved up' ), 'widgetMovedDown' => __( 'Widget moved down' ), 'navigatePreview' => __( 'You can navigate to other pages on your site while using the Customizer to view and edit the widgets displayed on those pages.' ), 'someAreasShown' => $some_non_rendered_areas_messages, 'noAreasShown' => $no_areas_shown_message, 'reorderModeOn' => __( 'Reorder mode enabled' ), 'reorderModeOff' => __( 'Reorder mode closed' ), 'reorderLabelOn' => esc_attr__( 'Reorder widgets' ), /* translators: %d: The number of widgets found. */ 'widgetsFound' => __( 'Number of widgets found: %d' ), 'noWidgetsFound' => __( 'No widgets found.' ), ), 'tpl' => array( 'widgetReorderNav' => $widget_reorder_nav_tpl, 'moveWidgetArea' => $move_widget_area_tpl, ), 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } $wp_scripts->add_data( 'customize-widgets', 'data', sprintf( 'var _wpCustomizeWidgetsSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); /* * TODO: Update 'wp-customize-widgets' to not rely so much on things in * 'customize-widgets'. This will let us skip most of the above and not * enqueue 'customize-widgets' which saves bytes. */ if ( wp_use_widgets_block_editor() ) { $block_editor_context = new WP_Block_Editor_Context( array( 'name' => 'core/customize-widgets', ) ); $editor_settings = get_block_editor_settings( get_legacy_widget_block_editor_settings(), $block_editor_context ); wp_add_inline_script( 'wp-customize-widgets', sprintf( 'wp.domReady( function() { wp.customizeWidgets.initialize( "widgets-customizer", %s ); } );', wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); // Preload server-registered block schemas. wp_add_inline_script( 'wp-blocks', 'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');' ); // Preload server-registered block bindings sources. $registered_sources = get_all_registered_block_bindings_sources(); if ( ! empty( $registered_sources ) ) { $filtered_sources = array(); foreach ( $registered_sources as $source ) { $filtered_sources[] = array( 'name' => $source->name, 'label' => $source->label, 'usesContext' => $source->uses_context, ); } $script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); wp_add_inline_script( 'wp-blocks', $script ); } wp_add_inline_script( 'wp-blocks', sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( get_block_categories( $block_editor_context ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); wp_enqueue_script( 'wp-customize-widgets' ); wp_enqueue_style( 'wp-customize-widgets' ); /** This action is documented in edit-form-blocks.php */ do_action( 'enqueue_block_editor_assets' ); } } /** * Renders the widget form control templates into the DOM. * * @since 3.9.0 */ public function output_widget_control_templates() { ?> <div id="widgets-left"><!-- compatibility with JS which looks for widget templates here --> <div id="available-widgets"> <div class="customize-section-title"> <button class="customize-section-back" tabindex="-1"> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Back' ); ?> </span> </button> <h3> <span class="customize-action"> <?php $panel = $this->manager->get_panel( 'widgets' ); $panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' ); /* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */ printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) ); ?> </span> <?php _e( 'Add a Widget' ); ?> </h3> </div> <div id="available-widgets-filter"> <label for="widgets-search"> <?php /* translators: Hidden accessibility text. */ _e( 'Search Widgets' ); ?> </label> <input type="text" id="widgets-search" aria-describedby="widgets-search-desc" /> <div class="search-icon" aria-hidden="true"></div> <button type="button" class="clear-results"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Clear Results' ); ?> </span></button> <p class="screen-reader-text" id="widgets-search-desc"> <?php /* translators: Hidden accessibility text. */ _e( 'The search results will be updated as you type.' ); ?> </p> </div> <div id="available-widgets-list"> <?php foreach ( $this->get_available_widgets() as $available_widget ) : ?> <div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ); ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ); ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ); ?>" tabindex="0"> <?php echo $available_widget['control_tpl']; ?> </div> <?php endforeach; ?> <p class="no-widgets-found-message"><?php _e( 'No widgets found.' ); ?></p> </div><!-- #available-widgets-list --> </div><!-- #available-widgets --> </div><!-- #widgets-left --> <?php } /** * Calls admin_print_footer_scripts and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_footer_scripts() { /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts' ); /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_footer-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Retrieves common arguments to supply when constructing a Customizer setting. * * @since 3.9.0 * * @param string $id Widget setting ID. * @param array $overrides Array of setting overrides. * @return array Possibly modified setting arguments. */ public function get_setting_args( $id, $overrides = array() ) { $args = array( 'type' => 'option', 'capability' => 'edit_theme_options', 'default' => array(), ); if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) { $args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' ); $args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' ); $args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh'; } elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) { $id_base = $matches['id_base']; $args['sanitize_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_instance( $value, $id_base ); }; $args['sanitize_js_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_js_instance( $value, $id_base ); }; $args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh'; } $args = array_merge( $args, $overrides ); /** * Filters the common arguments supplied when constructing a Customizer setting. * * @since 3.9.0 * * @see WP_Customize_Setting * * @param array $args Array of Customizer setting arguments. * @param string $id Widget setting ID. */ return apply_filters( 'widget_customizer_setting_args', $args, $id ); } /** * Ensures sidebar widget arrays only ever contain widget IDS. * * Used as the 'sanitize_callback' for each $sidebars_widgets setting. * * @since 3.9.0 * * @param string[] $widget_ids Array of widget IDs. * @return string[] Array of sanitized widget IDs. */ public function sanitize_sidebar_widgets( $widget_ids ) { $widget_ids = array_map( 'strval', (array) $widget_ids ); $sanitized_widget_ids = array(); foreach ( $widget_ids as $widget_id ) { $sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id ); } return $sanitized_widget_ids; } /** * Builds up an index of all available widgets for use in Backbone models. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * * @see wp_list_widgets() * * @return array List of available widgets. */ public function get_available_widgets() { static $available_widgets = array(); if ( ! empty( $available_widgets ) ) { return $available_widgets; } global $wp_registered_widgets, $wp_registered_widget_controls; require_once ABSPATH . 'wp-admin/includes/widgets.php'; // For next_widget_id_number(). $sort = $wp_registered_widgets; usort( $sort, array( $this, '_sort_name_callback' ) ); $done = array(); foreach ( $sort as $widget ) { if ( in_array( $widget['callback'], $done, true ) ) { // We already showed this multi-widget. continue; } $sidebar = is_active_widget( $widget['callback'], $widget['id'], false, false ); $done[] = $widget['callback']; if ( ! isset( $widget['params'][0] ) ) { $widget['params'][0] = array(); } $available_widget = $widget; unset( $available_widget['callback'] ); // Not serializable to JSON. $args = array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template', ); $is_disabled = false; $is_multi_widget = ( isset( $wp_registered_widget_controls[ $widget['id'] ]['id_base'] ) && isset( $widget['params'][0]['number'] ) ); if ( $is_multi_widget ) { $id_base = $wp_registered_widget_controls[ $widget['id'] ]['id_base']; $args['_temp_id'] = "$id_base-__i__"; $args['_multi_num'] = next_widget_id_number( $id_base ); $args['_add'] = 'multi'; } else { $args['_add'] = 'single'; if ( $sidebar && 'wp_inactive_widgets' !== $sidebar ) { $is_disabled = true; } $id_base = $widget['id']; } $list_widget_controls_args = wp_list_widget_controls_dynamic_sidebar( array( 0 => $args, 1 => $widget['params'][0], ) ); $control_tpl = $this->get_widget_control( $list_widget_controls_args ); // The properties here are mapped to the Backbone Widget model. $available_widget = array_merge( $available_widget, array( 'temp_id' => isset( $args['_temp_id'] ) ? $args['_temp_id'] : null, 'is_multi' => $is_multi_widget, 'control_tpl' => $control_tpl, 'multi_number' => ( 'multi' === $args['_add'] ) ? $args['_multi_num'] : false, 'is_disabled' => $is_disabled, 'id_base' => $id_base, 'transport' => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh', 'width' => $wp_registered_widget_controls[ $widget['id'] ]['width'], 'height' => $wp_registered_widget_controls[ $widget['id'] ]['height'], 'is_wide' => $this->is_wide_widget( $widget['id'] ), ) ); $available_widgets[] = $available_widget; } return $available_widgets; } /** * Naturally orders available widgets by name. * * @since 3.9.0 * * @param array $widget_a The first widget to compare. * @param array $widget_b The second widget to compare. * @return int Reorder position for the current widget comparison. */ protected function _sort_name_callback( $widget_a, $widget_b ) { return strnatcasecmp( $widget_a['name'], $widget_b['name'] ); } /** * Retrieves the widget control markup. * * @since 3.9.0 * * @param array $args Widget control arguments. * @return string Widget control form HTML markup. */ public function get_widget_control( $args ) { $args[0]['before_form'] = '<div class="form">'; $args[0]['after_form'] = '</div><!-- .form -->'; $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; ob_start(); wp_widget_control( ...$args ); $control_tpl = ob_get_clean(); return $control_tpl; } /** * Retrieves the widget control markup parts. * * @since 4.4.0 * * @param array $args Widget control arguments. * @return array { * @type string $control Markup for widget control wrapping form. * @type string $content The contents of the widget form itself. * } */ public function get_widget_control_parts( $args ) { $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; $control_markup = $this->get_widget_control( $args ); $content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] ); $content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] ); $control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) ); $control .= substr( $control_markup, $content_end_pos ); $content = trim( substr( $control_markup, $content_start_pos + strlen( $args[0]['before_widget_content'] ), $content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] ) ) ); return compact( 'control', 'content' ); } /** * Adds hooks for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_init() { add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) ); add_action( 'wp_print_styles', array( $this, 'print_preview_css' ), 1 ); add_action( 'wp_footer', array( $this, 'export_preview_data' ), 20 ); } /** * Refreshes the nonce for widget updates. * * @since 4.2.0 * * @param array $nonces Array of nonces. * @return array Array of nonces. */ public function refresh_nonces( $nonces ) { $nonces['update-widget'] = wp_create_nonce( 'update-widget' ); return $nonces; } /** * Tells the script loader to load the scripts and styles of custom blocks * if the widgets block editor is enabled. * * @since 5.8.0 * * @param bool $is_block_editor_screen Current decision about loading block assets. * @return bool Filtered decision about loading block assets. */ public function should_load_block_editor_scripts_and_styles( $is_block_editor_screen ) { if ( wp_use_widgets_block_editor() ) { return true; } return $is_block_editor_screen; } /** * When previewing, ensures the proper previewing widgets are used. * * Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via * wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets` * to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview * filter is added, it has to be reset after the filter has been added. * * @since 3.9.0 * * @param array $sidebars_widgets List of widgets for the current sidebar. * @return array */ public function preview_sidebars_widgets( $sidebars_widgets ) { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); unset( $sidebars_widgets['array_version'] ); return $sidebars_widgets; } /** * Enqueues scripts for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_enqueue() { wp_enqueue_script( 'customize-preview-widgets' ); } /** * Inserts default style for highlighted widget at early point so theme * stylesheet can override. * * @since 3.9.0 */ public function print_preview_css() { ?> <style> .widget-customizer-highlighted-widget { outline: none; -webkit-box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); position: relative; z-index: 1; } </style> <?php } /** * Communicates the sidebars that appeared on the page at the very end of the page, * and at the very end of the wp_footer, * * @since 3.9.0 * * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function export_preview_data() { global $wp_registered_sidebars, $wp_registered_widgets; $switched_locale = switch_to_user_locale( get_current_user_id() ); $l10n = array( 'widgetTooltip' => __( 'Shift-click to edit this widget.' ), ); if ( $switched_locale ) { restore_previous_locale(); } $rendered_sidebars = array_filter( $this->rendered_sidebars ); $rendered_widgets = array_filter( $this->rendered_widgets ); // Prepare Customizer settings to pass to JavaScript. $settings = array( 'renderedSidebars' => array_fill_keys( array_keys( $rendered_sidebars ), true ), 'renderedWidgets' => array_fill_keys( array_keys( $rendered_widgets ), true ), 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'l10n' => $l10n, 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } wp_print_inline_script_tag( sprintf( 'var _wpWidgetCustomizerPreviewSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Tracks the widgets that were rendered. * * @since 3.9.0 * * @param array $widget Rendered widget to tally. */ public function tally_rendered_widgets( $widget ) { $this->rendered_widgets[ $widget['id'] ] = true; } /** * Determine if a widget is rendered on the page. * * @since 4.0.0 * * @param string $widget_id Widget ID to check. * @return bool Whether the widget is rendered. */ public function is_widget_rendered( $widget_id ) { return ! empty( $this->rendered_widgets[ $widget_id ] ); } /** * Determines if a sidebar is rendered on the page. * * @since 4.0.0 * * @param string $sidebar_id Sidebar ID to check. * @return bool Whether the sidebar is rendered. */ public function is_sidebar_rendered( $sidebar_id ) { return ! empty( $this->rendered_sidebars[ $sidebar_id ] ); } /** * Tallies the sidebars rendered via is_active_sidebar(). * * Keep track of the times that is_active_sidebar() is called in the template, * and assume that this means that the sidebar would be rendered on the template * if there were widgets populating it. * * @since 3.9.0 * * @param bool $is_active Whether the sidebar is active. * @param string $sidebar_id Sidebar ID. * @return bool Whether the sidebar is active. */ public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'dynamic_sidebar_has_widgets' if we want to ensure that there * is an area to drop widgets into, if the sidebar is empty. */ return $is_active; } /** * Tallies the sidebars rendered via dynamic_sidebar(). * * Keep track of the times that dynamic_sidebar() is called in the template, * and assume this means the sidebar would be rendered on the template if * there were widgets populating it. * * @since 3.9.0 * * @param bool $has_widgets Whether the current sidebar has widgets. * @param string $sidebar_id Sidebar ID. * @return bool Whether the current sidebar has widgets. */ public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'is_active_sidebar' if we want to ensure there is an area to * drop widgets into, if the sidebar is empty. */ return $has_widgets; } /** * Retrieves MAC for a serialized widget instance string. * * Allows values posted back from JS to be rejected if any tampering of the * data has occurred. * * @since 3.9.0 * * @param string $serialized_instance Widget instance. * @return string MAC for serialized widget instance. */ protected function get_instance_hash_key( $serialized_instance ) { return wp_hash( $serialized_instance ); } /** * Sanitizes a widget instance. * * Unserialize the JS-instance for storing in the options. It's important that this filter * only get applied to an instance *once*. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to sanitize. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array|void Sanitized widget instance. */ public function sanitize_widget_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( array() === $value ) { return $value; } if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) { /* * The content of the 'block' widget is not filtered on the fly while editing. * Filter the content here to prevent vulnerabilities. */ $value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] ); } return $value['raw_instance']; } } if ( empty( $value['is_widget_customizer_js_value'] ) || empty( $value['instance_hash_key'] ) || empty( $value['encoded_serialized_instance'] ) ) { return; } $decoded = base64_decode( $value['encoded_serialized_instance'], true ); if ( false === $decoded ) { return; } if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) { return; } $instance = unserialize( $decoded ); if ( false === $instance ) { return; } return $instance; } /** * Converts a widget instance into JSON-representable format. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to convert to JSON. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array JSON-converted widget instance. */ public function sanitize_widget_js_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( empty( $value['is_widget_customizer_js_value'] ) ) { $serialized = serialize( $value ); $js_value = array( 'encoded_serialized_instance' => base64_encode( $serialized ), 'title' => empty( $value['title'] ) ? '' : $value['title'], 'is_widget_customizer_js_value' => true, 'instance_hash_key' => $this->get_instance_hash_key( $serialized ), ); if ( $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { $js_value['raw_instance'] = (object) $value; } } return $js_value; } return $value; } /** * Strips out widget IDs for widgets which are no longer registered. * * One example where this might happen is when a plugin orphans a widget * in a sidebar upon deactivation. * * @since 3.9.0 * * @global array $wp_registered_widgets * * @param array $widget_ids List of widget IDs. * @return array Parsed list of widget IDs. */ public function sanitize_sidebar_widgets_js_instance( $widget_ids ) { global $wp_registered_widgets; $widget_ids = array_values( array_intersect( $widget_ids, array_keys( $wp_registered_widgets ) ) ); return $widget_ids; } /** * Finds and invokes the widget update and control callbacks. * * Requires that `$_POST` be populated with the instance data. * * @since 3.9.0 * * @global array $wp_registered_widget_updates * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return array|WP_Error Array containing the updated widget information. * A WP_Error object, otherwise. */ public function call_widget_update( $widget_id ) { global $wp_registered_widget_updates, $wp_registered_widget_controls; $setting_id = $this->get_setting_id( $widget_id ); /* * Make sure that other setting changes have previewed since this widget * may depend on them (e.g. Menus being present for Navigation Menu widget). */ if ( ! did_action( 'customize_preview_init' ) ) { foreach ( $this->manager->settings() as $setting ) { if ( $setting->id !== $setting_id ) { $setting->preview(); } } } $this->start_capturing_option_updates(); $parsed_id = $this->parse_widget_id( $widget_id ); $option_name = 'widget_' . $parsed_id['id_base']; /* * If a previously-sanitized instance is provided, populate the input vars * with its values so that the widget update callback will read this instance */ $added_input_vars = array(); if ( ! empty( $_POST['sanitized_widget_setting'] ) ) { $sanitized_widget_setting = json_decode( $this->get_post_value( 'sanitized_widget_setting' ), true ); if ( false === $sanitized_widget_setting ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_malformed' ); } $instance = $this->sanitize_widget_instance( $sanitized_widget_setting, $parsed_id['id_base'] ); if ( is_null( $instance ) ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unsanitized' ); } if ( ! is_null( $parsed_id['number'] ) ) { $value = array(); $value[ $parsed_id['number'] ] = $instance; $key = 'widget-' . $parsed_id['id_base']; $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } else { foreach ( $instance as $key => $value ) { $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } } } // Invoke the widget update callback. foreach ( (array) $wp_registered_widget_updates as $name => $control ) { if ( $name === $parsed_id['id_base'] && is_callable( $control['callback'] ) ) { ob_start(); call_user_func_array( $control['callback'], $control['params'] ); ob_end_clean(); break; } } // Clean up any input vars that were manually added. foreach ( $added_input_vars as $key ) { unset( $_POST[ $key ] ); unset( $_REQUEST[ $key ] ); } // Make sure the expected option was updated. if ( 0 !== $this->count_captured_options() ) { if ( $this->count_captured_options() > 1 ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_too_many_options' ); } $updated_option_name = key( $this->get_captured_options() ); if ( $updated_option_name !== $option_name ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unexpected_option' ); } } // Obtain the widget instance. $option = $this->get_captured_option( $option_name ); if ( null !== $parsed_id['number'] ) { $instance = $option[ $parsed_id['number'] ]; } else { $instance = $option; } /* * Override the incoming $_POST['customized'] for a newly-created widget's * setting with the new $instance so that the preview filter currently * in place from WP_Customize_Setting::preview() will use this value * instead of the default widget instance value (an empty array). */ $this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance, $parsed_id['id_base'] ) ); // Obtain the widget control with the updated instance in place. ob_start(); $form = $wp_registered_widget_controls[ $widget_id ]; if ( $form ) { call_user_func_array( $form['callback'], $form['params'] ); } $form = ob_get_clean(); $this->stop_capturing_option_updates(); return compact( 'instance', 'form' ); } /** * Updates widget settings asynchronously. * * Allows the Customizer to update a widget using its form, but return the new * instance info via Ajax instead of saving it to the options table. * * Most code here copied from wp_ajax_save_widget(). * * @since 3.9.0 * * @see wp_ajax_save_widget() */ public function wp_ajax_update_widget() { if ( ! is_user_logged_in() ) { wp_die( 0 ); } check_ajax_referer( 'update-widget', 'nonce' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } if ( empty( $_POST['widget-id'] ) ) { wp_send_json_error( 'missing_widget-id' ); } /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $widget_id = $this->get_post_value( 'widget-id' ); $parsed_id = $this->parse_widget_id( $widget_id ); $id_base = $parsed_id['id_base']; $is_updating_widget_template = ( isset( $_POST[ 'widget-' . $id_base ] ) && is_array( $_POST[ 'widget-' . $id_base ] ) && preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) ) ); if ( $is_updating_widget_template ) { wp_send_json_error( 'template_widget_not_updatable' ); } $updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form} if ( is_wp_error( $updated_widget ) ) { wp_send_json_error( $updated_widget->get_error_code() ); } $form = $updated_widget['form']; $instance = $this->sanitize_widget_js_instance( $updated_widget['instance'], $id_base ); wp_send_json_success( compact( 'form', 'instance' ) ); } /* * Selective Refresh Methods */ /** * Filters arguments for dynamic widget partials. * * @since 4.5.0 * * @param array|false $partial_args Partial arguments. * @param string $partial_id Partial ID. * @return array (Maybe) modified partial arguments. */ public function customize_dynamic_partial_args( $partial_args, $partial_id ) { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return $partial_args; } if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) { if ( false === $partial_args ) { $partial_args = array(); } $partial_args = array_merge( $partial_args, array( 'type' => 'widget', 'render_callback' => array( $this, 'render_widget_partial' ), 'container_inclusive' => true, 'settings' => array( $this->get_setting_id( $matches['widget_id'] ) ), 'capability' => 'edit_theme_options', ) ); } return $partial_args; } /** * Adds hooks for selective refresh. * * @since 4.5.0 */ public function selective_refresh_init() { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return; } add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) ); add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) ); add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) ); add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) ); } /** * Inject selective refresh data attributes into widget container elements. * * @since 4.5.0 * * @see WP_Customize_Nav_Menus::filter_wp_nav_menu_args() * * @param array $params { * Dynamic sidebar params. * * @type array $args Sidebar args. * @type array $widget_args Widget args. * } * @return array Params. */ public function filter_dynamic_sidebar_params( $params ) { $sidebar_args = array_merge( array( 'before_widget' => '', 'after_widget' => '', ), $params[0] ); // Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to. $matches = array(); $is_valid = ( isset( $sidebar_args['id'] ) && is_registered_sidebar( $sidebar_args['id'] ) && ( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] ) && preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches ) ); if ( ! $is_valid ) { return $params; } $this->before_widget_tags_seen[ $matches['tag_name'] ] = true; $context = array( 'sidebar_id' => $sidebar_args['id'], ); if ( isset( $this->context_sidebar_instance_number ) ) { $context['sidebar_instance_number'] = $this->context_sidebar_instance_number; } elseif ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) { $context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ]; } $attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) ); $attributes .= ' data-customize-partial-type="widget"'; $attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) ); $attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) ); $sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] ); $params[0] = $sidebar_args; return $params; } /** * List of the tag names seen for before_widget strings. * * This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the * data-* attributes can be allowed. * * @since 4.5.0 * @var array */ protected $before_widget_tags_seen = array(); /** * Ensures the HTML data-* attributes for selective refresh are allowed by kses. * * This is needed in case the `$before_widget` is run through wp_kses() when printed. * * @since 4.5.0 * * @param array $allowed_html Allowed HTML. * @return array (Maybe) modified allowed HTML. */ public function filter_wp_kses_allowed_data_attributes( $allowed_html ) { foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) { if ( ! isset( $allowed_html[ $tag_name ] ) ) { $allowed_html[ $tag_name ] = array(); } $allowed_html[ $tag_name ] = array_merge( $allowed_html[ $tag_name ], array_fill_keys( array( 'data-customize-partial-id', 'data-customize-partial-type', 'data-customize-partial-placement-context', 'data-customize-partial-widget-id', 'data-customize-partial-options', ), true ) ); } return $allowed_html; } /** * Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index. * * This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template. * * @since 4.5.0 * @var array */ protected $sidebar_instance_count = array(); /** * The current request's sidebar_instance_number context. * * @since 4.5.0 * @var int|null */ protected $context_sidebar_instance_number; /** * Current sidebar ID being rendered. * * @since 4.5.0 * @var array */ protected $current_dynamic_sidebar_id_stack = array(); /** * Begins keeping track of the current sidebar being rendered. * * Insert marker before widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function start_dynamic_sidebar( $index ) { array_unshift( $this->current_dynamic_sidebar_id_stack, $index ); if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) { $this->sidebar_instance_count[ $index ] = 0; } $this->sidebar_instance_count[ $index ] += 1; if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Finishes keeping track of the current sidebar being rendered. * * Inserts a marker after widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function end_dynamic_sidebar( $index ) { array_shift( $this->current_dynamic_sidebar_id_stack ); if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Current sidebar being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_widget_id; /** * Current widget being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_sidebar_id; /** * Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar. * * @since 4.5.0 * * @param array $sidebars_widgets Sidebars widgets. * @return array Filtered sidebars widgets. */ public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) { $sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id ); return $sidebars_widgets; } /** * Renders a specific widget using the supplied sidebar arguments. * * @since 4.5.0 * * @see dynamic_sidebar() * * @param WP_Customize_Partial $partial Partial. * @param array $context { * Sidebar args supplied as container context. * * @type string $sidebar_id ID for sidebar for widget to render into. * @type int $sidebar_instance_number Disambiguating instance number. * } * @return string|false */ public function render_widget_partial( $partial, $context ) { $id_data = $partial->id_data(); $widget_id = array_shift( $id_data['keys'] ); if ( ! is_array( $context ) || empty( $context['sidebar_id'] ) || ! is_registered_sidebar( $context['sidebar_id'] ) ) { return false; } $this->rendering_sidebar_id = $context['sidebar_id']; if ( isset( $context['sidebar_instance_number'] ) ) { $this->context_sidebar_instance_number = (int) $context['sidebar_instance_number']; } // Filter sidebars_widgets so that only the queried widget is in the sidebar. $this->rendering_widget_id = $widget_id; $filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' ); add_filter( 'sidebars_widgets', $filter_callback, 1000 ); // Render the widget. ob_start(); $this->rendering_sidebar_id = $context['sidebar_id']; dynamic_sidebar( $this->rendering_sidebar_id ); $container = ob_get_clean(); // Reset variables for next partial render. remove_filter( 'sidebars_widgets', $filter_callback, 1000 ); $this->context_sidebar_instance_number = null; $this->rendering_sidebar_id = null; $this->rendering_widget_id = null; return $container; } // // Option Update Capturing. // /** * List of captured widget option updates. * * @since 3.9.0 * @var array $_captured_options Values updated while option capture is happening. */ protected $_captured_options = array(); /** * Whether option capture is currently happening. * * @since 3.9.0 * @var bool $_is_current Whether option capture is currently happening or not. */ protected $_is_capturing_option_updates = false; /** * Determines whether the captured option update should be ignored. * * @since 3.9.0 * * @param string $option_name Option name. * @return bool Whether the option capture is ignored. */ protected function is_option_capture_ignored( $option_name ) { return ( str_starts_with( $option_name, '_transient_' ) ); } /** * Retrieves captured widget option updates. * * @since 3.9.0 * * @return array Array of captured options. */ protected function get_captured_options() { return $this->_captured_options; } /** * Retrieves the option that was captured from being saved. * * @since 4.2.0 * * @param string $option_name Option name. * @param mixed $default_value Optional. Default value to return if the option does not exist. Default false. * @return mixed Value set for the option. */ protected function get_captured_option( $option_name, $default_value = false ) { if ( array_key_exists( $option_name, $this->_captured_options ) ) { $value = $this->_captured_options[ $option_name ]; } else { $value = $default_value; } return $value; } /** * Retrieves the number of captured widget option updates. * * @since 3.9.0 * * @return int Number of updated options. */ protected function count_captured_options() { return count( $this->_captured_options ); } /** * Begins keeping track of changes to widget options, caching new values. * * @since 3.9.0 */ protected function start_capturing_option_updates() { if ( $this->_is_capturing_option_updates ) { return; } $this->_is_capturing_option_updates = true; add_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 ); } /** * Pre-filters captured option values before updating. * * @since 3.9.0 * * @param mixed $new_value The new option value. * @param string $option_name Name of the option. * @param mixed $old_value The old option value. * @return mixed Filtered option value. */ public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) { if ( $this->is_option_capture_ignored( $option_name ) ) { return $new_value; } if ( ! isset( $this->_captured_options[ $option_name ] ) ) { add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options[ $option_name ] = $new_value; return $old_value; } /** * Pre-filters captured option values before retrieving. * * @since 3.9.0 * * @param mixed $value Value to return instead of the option value. * @return mixed Filtered option value. */ public function capture_filter_pre_get_option( $value ) { $option_name = preg_replace( '/^pre_option_/', '', current_filter() ); if ( isset( $this->_captured_options[ $option_name ] ) ) { $value = $this->_captured_options[ $option_name ]; /** This filter is documented in wp-includes/option.php */ $value = apply_filters( 'option_' . $option_name, $value, $option_name ); } return $value; } /** * Undoes any changes to the options since options capture began. * * @since 3.9.0 */ protected function stop_capturing_option_updates() { if ( ! $this->_is_capturing_option_updates ) { return; } remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 ); foreach ( array_keys( $this->_captured_options ) as $option_name ) { remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options = array(); $this->_is_capturing_option_updates = false; } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function setup_widget_addition_previews() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_sidebars_widgets() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_widget_instance() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function remove_prepreview_filters() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } } HTTP/class-wp-http-encoding-20260605103959.php 0000666 00000015041 15226703613 0013735 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/class-wp-theme-json-20260605044635.php 0000666 00000500773 15226703613 0013251 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/https-detection-20260606100517.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606074753.php 0000666 00000013341 15226703613 0012562 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr7Response.php 0000666 00000004201 15226703613 0010414 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use Psr\Http\Message\ResponseInterface; /** * HTTP Response based on a PSR-7 response * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class Psr7Response implements Response { /** * @var ResponseInterface */ private $response; /** * @var string */ private $permanent_url; /** * @var string */ private $requested_url; public function __construct(ResponseInterface $response, string $permanent_url, string $requested_url) { $this->response = $response; $this->permanent_url = $permanent_url; $this->requested_url = $requested_url; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return $this->response->getStatusCode(); } public function get_headers(): array { // The filtering is probably redundant but let’s make PHPStan happy. return array_filter($this->response->getHeaders(), function (array $header): bool { return count($header) >= 1; }); } public function has_header(string $name): bool { return $this->response->hasHeader($name); } public function with_header(string $name, $value) { return new self($this->response->withHeader($name, $value), $this->permanent_url, $this->requested_url); } public function get_header(string $name): array { return $this->response->getHeader($name); } public function get_header_line(string $name): string { return $this->response->getHeaderLine($name); } public function get_body_content(): string { return $this->response->getBody()->__toString(); } } HTTP/https-migration-20260606102945-20260609010956.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-script-modules-20260605052019.php 0000666 00000100225 15226703613 0014131 0 ustar 00 <?php /** * Script Modules API: WP_Script_Modules class. * * Native support for ES Modules and Import Maps. * * @package WordPress * @subpackage Script Modules */ /** * Core class used to register script modules. * * @since 6.5.0 */ class WP_Script_Modules { /** * Holds the registered script modules, keyed by script module identifier. * * @since 6.5.0 * @var array<string, array<string, mixed>> */ private $registered = array(); /** * An array of IDs for queued script modules. * * @since 6.9.0 * @var string[] */ private $queue = array(); /** * Holds the script module identifiers that have been printed. * * @since 6.9.0 * @var string[] */ private $done = array(); /** * Tracks whether the @wordpress/a11y script module is available. * * Some additional HTML is required on the page for the module to work. Track * whether it's available to print at the appropriate time. * * @since 6.7.0 * @var bool */ private $a11y_available = false; /** * Holds a mapping of dependents (as IDs) for a given script ID. * Used to optimize recursive dependency tree checks. * * @since 6.9.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds the valid values for fetchpriority. * * @since 6.9.0 * @var string[] */ private $priorities = array( 'low', 'auto', 'high', ); /** * List of IDs for script modules encountered which have missing dependencies. * * An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is * emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur. * * @since 6.9.1 * @var string[] */ private $modules_with_missing_dependencies = array(); /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! isset( $this->registered[ $id ] ) ) { $dependencies = array(); foreach ( $deps as $dependency ) { if ( is_array( $dependency ) ) { if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) { _doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' ); continue; } $dependencies[] = array( 'id' => $dependency['id'], 'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static', ); } elseif ( is_string( $dependency ) ) { $dependencies[] = array( 'id' => $dependency, 'import' => 'static', ); } else { _doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' ); } } $in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer']; $fetchpriority = 'auto'; if ( isset( $args['fetchpriority'] ) ) { if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) { $fetchpriority = $args['fetchpriority']; } else { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $id */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ), $id ), '6.9.0' ); } } $this->registered[ $id ] = array( 'src' => $src, 'version' => $version, 'dependencies' => $dependencies, 'in_footer' => $in_footer, 'fetchpriority' => $fetchpriority, ); } } /** * Gets IDs for queued script modules. * * @since 6.9.0 * * @return string[] Script module IDs. */ public function get_queue(): array { return $this->queue; } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, $this->priorities, true ); } /** * Sets the fetch priority for a script module. * * @since 6.9.0 * * @param string $id Script module identifier. * @param 'auto'|'low'|'high' $priority Fetch priority for the script module. * @return bool Whether setting the fetchpriority was successful. */ public function set_fetchpriority( string $id, string $priority ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } if ( '' === $priority ) { $priority = 'auto'; } if ( ! $this->is_valid_fetchpriority( $priority ) ) { _doing_it_wrong( __METHOD__, /* translators: %s: Invalid fetchpriority. */ sprintf( __( 'Invalid fetchpriority: %s' ), $priority ), '6.9.0' ); return false; } $this->registered[ $id ]['fetchpriority'] = $priority; return true; } /** * Sets whether a script module should be printed in the footer. * * This is only relevant in block themes. * * @since 6.9.0 * * @param string $id Script module identifier. * @param bool $in_footer Whether to print in the footer. * @return bool Whether setting the printing location was successful. */ public function set_in_footer( string $id, bool $in_footer ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } $this->registered[ $id ]['in_footer'] = $in_footer; return true; } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! in_array( $id, $this->queue, true ) ) { $this->queue[] = $id; } if ( ! isset( $this->registered[ $id ] ) && $src ) { $this->register( $id, $src, $deps, $version, $args ); } } /** * Unmarks the script module so it will no longer be enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function dequeue( string $id ) { $this->queue = array_values( array_diff( $this->queue, array( $id ) ) ); } /** * Removes a registered script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function deregister( string $id ) { $this->dequeue( $id ); unset( $this->registered[ $id ] ); } /** * Adds the hooks to print the import map, enqueued script modules and script * module preloads. * * In classic themes, the script modules used by the blocks are not yet known * when the `wp_head` actions is fired, so it needs to print everything in the * footer. * * @since 6.5.0 */ public function add_hooks() { $is_block_theme = wp_is_block_theme(); $position = $is_block_theme ? 'wp_head' : 'wp_footer'; add_action( $position, array( $this, 'print_import_map' ) ); if ( $is_block_theme ) { /* * Modules can only be printed in the head for block themes because only with * block themes will import map be fully populated by modules discovered by * rendering the block template. In classic themes, modules are enqueued during * template rendering, thus the import map must be printed in the footer, * followed by all enqueued modules. */ add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) ); } add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) ); add_action( $position, array( $this, 'print_script_module_preloads' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) ); add_action( 'wp_footer', array( $this, 'print_script_module_data' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) ); add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 ); add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 ); } /** * Gets the highest fetch priority for the provided script IDs. * * @since 6.9.0 * * @param string[] $ids Script module IDs. * @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs. */ private function get_highest_fetchpriority( array $ids ): string { static $high_priority_index = null; if ( null === $high_priority_index ) { $high_priority_index = count( $this->priorities ) - 1; } $highest_priority_index = 0; foreach ( $ids as $id ) { if ( isset( $this->registered[ $id ] ) ) { $highest_priority_index = (int) max( $highest_priority_index, (int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true ) ); if ( $high_priority_index === $highest_priority_index ) { break; } } } return $this->priorities[ $highest_priority_index ]; } /** * Prints the enqueued script modules in head. * * This is only used in block themes. * * @since 6.9.0 */ public function print_head_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { if ( isset( $this->registered[ $id ] ) && ! $this->registered[ $id ]['in_footer'] ) { // If any dependency is set to be printed in footer, skip printing this module in head. $dependencies = array_keys( $this->get_dependencies( array( $id ) ) ); foreach ( $dependencies as $dependency_id ) { if ( in_array( $dependency_id, $this->queue, true ) && isset( $this->registered[ $dependency_id ] ) && $this->registered[ $dependency_id ]['in_footer'] ) { continue 2; } } $this->print_script_module( $id ); } } } /** * Prints the enqueued script modules in footer. * * @since 6.5.0 */ public function print_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { $this->print_script_module( $id ); } } /** * Prints the enqueued script module using script tags with type="module" * attributes. * * @since 6.9.0 * * @param string $id The script module identifier. */ private function print_script_module( string $id ) { if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) { return; } $this->done[] = $id; $src = $this->get_src( $id ); if ( '' === $src ) { return; } $attributes = array( 'type' => 'module', 'src' => $src, 'id' => $id . '-js-module', ); $script_module = $this->registered[ $id ]; $queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) ); $fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) ); if ( 'auto' !== $fetchpriority ) { $attributes['fetchpriority'] = $fetchpriority; } if ( $fetchpriority !== $script_module['fetchpriority'] ) { $attributes['data-wp-fetchpriority'] = $script_module['fetchpriority']; } wp_print_script_tag( $attributes ); } /** * Prints the static dependencies of the enqueued script modules using * link tags with rel="modulepreload" attributes. * * If a script module is marked for enqueue, it will not be preloaded. * * @since 6.5.0 */ public function print_script_module_preloads() { $dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) ); foreach ( $dependency_ids as $id ) { // Don't preload if it's marked for enqueue. if ( in_array( $id, $this->queue, true ) ) { continue; } $src = $this->get_src( $id ); if ( '' === $src ) { continue; } $enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue ); $highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents ); printf( '<link rel="modulepreload" href="%s" id="%s"', esc_url( $src ), esc_attr( $id . '-js-modulepreload' ) ); if ( 'auto' !== $highest_fetchpriority ) { printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) ); } if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) { printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) ); } echo ">\n"; } } /** * Prints the import map using a script tag with a type="importmap" attribute. * * @since 6.5.0 */ public function print_import_map() { $import_map = $this->get_import_map(); if ( ! empty( $import_map['imports'] ) ) { wp_print_inline_script_tag( (string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), array( 'type' => 'importmap', 'id' => 'wp-importmap', ) ); } } /** * Returns the import map array. * * @since 6.5.0 * * @return array Array with an `imports` key mapping to an array of script module identifiers and their respective * URLs, including the version query. */ private function get_import_map(): array { $imports = array(); foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) { $src = $this->get_src( $id ); if ( '' !== $src ) { $imports[ $id ] = $src; } } return array( 'imports' => $imports ); } /** * Retrieves the list of script modules marked for enqueue. * * Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the * Reflection API. The ecosystem should rather use {@see self::get_queue()}. * * @since 6.5.0 * * @return array<string, array> Script modules marked for enqueue, keyed by script module identifier. */ private function get_marked_for_enqueue(): array { return wp_array_slice_assoc( $this->registered, $this->queue ); } /** * Retrieves all the dependencies for the given script module identifiers, filtered by import types. * * It will consolidate an array containing a set of unique dependencies based * on the requested import types: 'static', 'dynamic', or both. This method is * recursive and also retrieves dependencies of the dependencies. * * @since 6.5.0 * * @param string[] $ids The identifiers of the script modules for which to gather dependencies. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return array<string, array> List of dependencies, keyed by script module identifier. */ private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $all_dependencies = array(); $id_queue = $ids; while ( ! empty( $id_queue ) ) { $id = array_shift( $id_queue ); if ( ! isset( $this->registered[ $id ] ) ) { continue; } foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( ! isset( $all_dependencies[ $dependency['id'] ] ) && in_array( $dependency['import'], $import_types, true ) && isset( $this->registered[ $dependency['id'] ] ) ) { $all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ]; // Add this dependency to the list to get dependencies for. $id_queue[] = $dependency['id']; } } } return $all_dependencies; } /** * Gets all dependents of a script module. * * This is not recursive. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_dependents( string $id ): array { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $id ] ) ) { return $this->dependents_map[ $id ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_id => $args ) { if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) { $dependents[] = $registered_id; } } // Add the module's dependents to the map to ease future lookups. $this->dependents_map[ $id ] = $dependents; return $dependents; } /** * Gets all recursive dependents of a script module. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_recursive_dependents( string $id ): array { $dependents = array(); $id_queue = array( $id ); $processed = array(); while ( ! empty( $id_queue ) ) { $current_id = array_shift( $id_queue ); // Skip unregistered or already-processed script modules. if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) { continue; } // Mark as processed to guard against infinite loops from circular dependencies. $processed[ $current_id ] = true; // Find the direct dependents of the current script. foreach ( $this->get_dependents( $current_id ) as $dependent_id ) { // Only add the dependent if we haven't found it before. if ( ! isset( $dependents[ $dependent_id ] ) ) { $dependents[ $dependent_id ] = true; // Add dependency to the queue. $id_queue[] = $dependent_id; } } } return array_keys( $dependents ); } /** * Sorts the given script module identifiers based on their dependencies. * * It will return a list of script module identifiers sorted in the order * they should be printed, so that dependencies are printed before the script * modules that depend on them. * * @since 6.9.0 * * @param string[] $ids The identifiers of the script modules to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return string[] Sorted list of script module identifiers. */ private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $sorted = array(); foreach ( $ids as $id ) { $this->sort_item_dependencies( $id, $import_types, $sorted ); } return array_unique( $sorted ); } /** * Recursively sorts the dependencies for a single script module identifier. * * @since 6.9.0 * * @param string $id The identifier of the script module to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * @param string[] &$sorted The array of sorted identifiers, passed by reference. * @return bool True on success, false on failure (e.g., missing dependency). */ private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool { // If already processed, don't do it again. if ( in_array( $id, $sorted, true ) ) { return true; } // If the item doesn't exist, fail. if ( ! isset( $this->registered[ $id ] ) ) { return false; } $dependency_ids = array(); foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( in_array( $dependency['import'], $import_types, true ) ) { $dependency_ids[] = $dependency['id']; } } // If the item requires dependencies that do not exist, fail. $missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) ); if ( count( $missing_dependencies ) > 0 ) { if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) { _doing_it_wrong( get_class( $this ) . '::register', sprintf( /* translators: 1: Script module ID, 2: List of missing dependency IDs. */ __( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $id, implode( wp_get_list_item_separator(), $missing_dependencies ) ), '6.9.1' ); $this->modules_with_missing_dependencies[] = $id; } return false; } // Recursively process dependencies. foreach ( $dependency_ids as $dependency_id ) { if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) { // A dependency failed to resolve, so this branch fails. return false; } } // All dependencies are sorted, so we can now add the current item. $sorted[] = $id; return true; } /** * Gets the versioned URL for a script module src. * * If $version is set to false, the version number is the currently installed * WordPress version. If $version is set to null, no version is added. * Otherwise, the string passed in $version is used. * * @since 6.5.0 * * @param string $id The script module identifier. * @return string The script module src with a version if relevant. */ private function get_src( string $id ): string { if ( ! isset( $this->registered[ $id ] ) ) { return ''; } $script_module = $this->registered[ $id ]; $src = $script_module['src']; if ( '' !== $src ) { if ( false === $script_module['version'] ) { $src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src ); } elseif ( null !== $script_module['version'] ) { $src = add_query_arg( 'ver', $script_module['version'], $src ); } } /** * Filters the script module source. * * @since 6.5.0 * * @param string $src Module source URL. * @param string $id Module identifier. */ $src = apply_filters( 'script_module_loader_src', $src, $id ); if ( ! is_string( $src ) ) { $src = ''; } return $src; } /** * Print data associated with Script Modules. * * The data will be embedded in the page HTML and can be read by Script Modules on page load. * * @since 6.7.0 * * Data can be associated with a Script Module via the * {@see "script_module_data_{$module_id}"} filter. * * The data for a Script Module will be serialized as JSON in a script tag with an ID of the * form `wp-script-module-data-{$module_id}`. */ public function print_script_module_data(): void { $modules = array(); foreach ( array_unique( $this->queue ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $modules ) as $module_id ) { /** * Filters data associated with a given Script Module. * * Script Modules may require data that is required for initialization or is essential * to have immediately available on page load. These are suitable use cases for * this data. * * The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID * that the data is associated with. * * This is best suited to pass essential data that must be available to the module for * initialization or immediately on page load. It does not replace the REST API or * fetching data from the client. * * Example: * * add_filter( * 'script_module_data_MyScriptModuleID', * function ( array $data ): array { * $data['dataForClient'] = 'ok'; * return $data; * } * ); * * If the filter returns no data (an empty array), nothing will be embedded in the page. * * The data for a given Script Module, if provided, will be JSON serialized in a script * tag with an ID of the form `wp-script-module-data-{$module_id}`. * * The data can be read on the client with a pattern like this: * * Example: * * const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' ); * let data = {}; * if ( dataContainer ) { * try { * data = JSON.parse( dataContainer.textContent ); * } catch {} * } * // data.dataForClient === 'ok'; * initMyScriptModuleWithData( data ); * * @since 6.7.0 * * @param array $data The data associated with the Script Module. */ $data = apply_filters( "script_module_data_{$module_id}", array() ); if ( is_array( $data ) && array() !== $data ) { /* * This data will be printed as JSON inside a script tag like this: * <script type="application/json"></script> * * A script tag must be closed by a sequence beginning with `</`. It's impossible to * close a script tag without using `<`. We ensure that `<` is escaped and `/` can * remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`. * * - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E. * - JSON_UNESCAPED_SLASHES: Don't escape /. * * If the page will use UTF-8 encoding, it's safe to print unescaped unicode: * * - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`). * - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when * JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was * before PHP 7.1 without this constant. Available as of PHP 7.1.0. * * The JSON specification requires encoding in UTF-8, so if the generated HTML page * is not encoded in UTF-8 then it's not safe to include those literals. They must * be escaped to avoid encoding issues. * * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements. * @see https://www.php.net/manual/en/json.constants.php for details on these constants. * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing. */ $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS; if ( ! is_utf8_charset() ) { $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES; } wp_print_inline_script_tag( (string) wp_json_encode( $data, $json_encode_flags ), array( 'type' => 'application/json', 'id' => "wp-script-module-data-{$module_id}", ) ); } } } /** * @access private This is only intended to be called by the registered actions. * * @since 6.7.0 */ public function print_a11y_script_module_html() { if ( ! $this->a11y_available ) { return; } echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">' . '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>' . '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>' . '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>' . '</div>'; } } HTTP/https-detection-20260605113855.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606102911-20260610192753.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605122225.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/functions.wp-scripts-20260605105520.php 0000666 00000035717 15226703613 0013563 0 ustar 00 <?php /** * Dependencies API: Scripts functions * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Initializes $wp_scripts if it has not been set. * * @since 4.2.0 * * @global WP_Scripts $wp_scripts * * @return WP_Scripts WP_Scripts instance. */ function wp_scripts() { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { $wp_scripts = new WP_Scripts(); } return $wp_scripts; } /** * Helper function to output a _doing_it_wrong message when applicable. * * @ignore * @since 4.2.0 * @since 5.5.0 Added the `$handle` parameter. * * @param string $function_name Function name. * @param string $handle Optional. Name of the script or stylesheet that was * registered or enqueued too early. Default empty. */ function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) { if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' ) || did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' ) ) { return; } $message = sprintf( /* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */ __( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ), '<code>wp_enqueue_scripts</code>', '<code>admin_enqueue_scripts</code>', '<code>login_enqueue_scripts</code>' ); if ( $handle ) { $message .= ' ' . sprintf( /* translators: %s: Name of the script or stylesheet. */ __( 'This notice was triggered by the %s handle.' ), '<code>' . $handle . '</code>' ); } _doing_it_wrong( $function_name, $message, '3.3.0' ); } /** * Prints scripts in document head that are in the $handles queue. * * Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load, * the function does not instantiate the WP_Scripts object unless script names are explicitly passed. * Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'} * hook to register/enqueue new scripts. * * @see WP_Scripts::do_item() * @since 2.1.0 * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'. * @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array. */ function wp_print_scripts( $handles = false ) { global $wp_scripts; /** * Fires before scripts in the $handles queue are printed. * * @since 2.1.0 */ do_action( 'wp_print_scripts' ); if ( '' === $handles ) { // For 'wp_head'. $handles = false; } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__ ); if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { if ( ! $handles ) { return array(); // No need to instantiate if nothing is there. } } return wp_scripts()->do_items( $handles ); } /** * Adds extra code to a registered script. * * Code will only be added if the script is already in the queue. * Accepts a string `$data` containing the code. If two or more code blocks * are added to the same script `$handle`, they will be printed in the order * they were added, i.e. the latter added code can redeclare the previous. * * @since 4.5.0 * * @see WP_Scripts::add_inline_script() * * @param string $handle Name of the script to add the inline script to. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script before the handle * or after. Default 'after'. * @return bool True on success, false on failure. */ function wp_add_inline_script( $handle, $data, $position = 'after' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); if ( false !== stripos( $data, '</script>' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: <script>, 2: wp_add_inline_script() */ __( 'Do not pass %1$s tags to %2$s.' ), '<code><script></code>', '<code>wp_add_inline_script()</code>' ), '4.5.0' ); $data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) ); } return wp_scripts()->add_inline_script( $handle, $data, $position ); } /** * Registers a new script. * * Registers a script to be enqueued later using the wp_enqueue_script() function. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * * @since 2.1.0 * @since 4.3.0 A return value was added. * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory. * If source is set to false, script is an alias of other scripts it depends on. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } * @return bool Whether the script has been registered. True on success, false on failure. */ function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) { if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); $registered = $wp_scripts->add( $handle, $src, $deps, $ver ); if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $handle, 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $handle, 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] ); } return $registered; } /** * Localizes a script. * * Works only if the script has already been registered. * * Accepts an associative array `$l10n` and creates a JavaScript object: * * "$object_name": { * key: value, * key: value, * ... * } * * @see WP_Scripts::localize() * @link https://core.trac.wordpress.org/ticket/11520 * * @since 2.2.0 * * @todo Documentation cleanup * * @param string $handle Script handle the data will be attached to. * @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable. * Example: '/[a-zA-Z0-9_]+/'. * @param array $l10n The data itself. The data can be either a single or multi-dimensional array. * @return bool True if the script was successfully localized, false otherwise. */ function wp_localize_script( $handle, $object_name, $l10n ) { $wp_scripts = wp_scripts(); return $wp_scripts->localize( $handle, $object_name, $l10n ); } /** * Sets translated strings for a script. * * Works only if the script has already been registered. * * @see WP_Scripts::set_translations() * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string $handle Script handle the textdomain will be attached to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was successfully localized, false otherwise. */ function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return false; } return $wp_scripts->set_translations( $handle, $domain, $path ); } /** * Removes a registered script. * * Note: there are intentional safeguards in place to prevent critical admin scripts, * such as jQuery core, from being unregistered. * * @see WP_Dependencies::remove() * * @since 2.1.0 * * @global string $pagenow The filename of the current screen. * * @param string $handle Name of the script to be removed. */ function wp_deregister_script( $handle ) { global $pagenow; _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); /** * Do not allow accidental or negligent de-registering of critical scripts in the admin. * Show minimal remorse if the correct hook is used. */ $current_filter = current_filter(); if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) || ( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter ) ) { $not_allowed = array( 'jquery', 'jquery-core', 'jquery-migrate', 'jquery-ui-core', 'jquery-ui-accordion', 'jquery-ui-autocomplete', 'jquery-ui-button', 'jquery-ui-datepicker', 'jquery-ui-dialog', 'jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-menu', 'jquery-ui-mouse', 'jquery-ui-position', 'jquery-ui-progressbar', 'jquery-ui-resizable', 'jquery-ui-selectable', 'jquery-ui-slider', 'jquery-ui-sortable', 'jquery-ui-spinner', 'jquery-ui-tabs', 'jquery-ui-tooltip', 'jquery-ui-widget', 'underscore', 'backbone', ); if ( in_array( $handle, $not_allowed, true ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: Script name, 2: wp_enqueue_scripts */ __( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ), "<code>$handle</code>", '<code>wp_enqueue_scripts</code>' ), '3.6.0' ); return; } } wp_scripts()->remove( $handle ); } /** * Enqueues a script. * * Registers the script if `$src` provided (does NOT overwrite), and enqueues it. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * @see WP_Dependencies::enqueue() * * @since 2.1.0 * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string $src Full URL of the script, or path of the script relative to the WordPress root directory. * Default empty. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } */ function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); if ( $src || ! empty( $args ) ) { $_handle = explode( '?', $handle ); if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } if ( $src ) { $wp_scripts->add( $_handle[0], $src, $deps, $ver ); } if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $_handle[0], 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] ); } } $wp_scripts->enqueue( $handle ); } /** * Removes a previously enqueued script. * * @see WP_Dependencies::dequeue() * * @since 3.1.0 * * @param string $handle Name of the script to be removed. */ function wp_dequeue_script( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_scripts()->dequeue( $handle ); } /** * Determines whether a script has been added to the queue. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * @since 3.5.0 'enqueued' added as an alias of the 'queue' list. * * @param string $handle Name of the script. * @param string $status Optional. Status of the script to check. Default 'enqueued'. * Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'. * @return bool Whether the script is queued. */ function wp_script_is( $handle, $status = 'enqueued' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return (bool) wp_scripts()->query( $handle, $status ); } /** * Adds metadata to a script. * * Works only if the script has already been registered. * * Possible values for $key and $value: * 'strategy' string 'defer' or 'async'. * * @since 4.2.0 * @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'. * * @see WP_Dependencies::add_data() * * @param string $handle Name of the script. * @param string $key Name of data point for which we're storing a value. * @param mixed $value String containing the data to be added. * @return bool True on success, false on failure. */ function wp_script_add_data( $handle, $key, $value ) { return wp_scripts()->add_data( $handle, $key, $value ); } HTTP/https-detection-20260606103613-20260610011915.php 0000666 00000013341 15226703613 0014125 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605222433.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606015631-20260610134703.php 0000666 00000011205 15226703613 0014140 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260607025520-20260609025055.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605133608.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606165331-20260606232328.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606042318-20260608114336.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605132207.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606142425.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Parser-20260605024207.php 0000666 00000035551 15226703613 0010673 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response Parser * @template Psr7Compatible of bool */ class Parser { /** * HTTP Version * * @var float */ public $http_version = 0.0; /** * Status code * * @var int */ public $status_code = 0; /** * Reason phrase * * @var string */ public $reason = ''; /** * @var Psr7Compatible whether headers are compatible with PSR-7 format. */ private $psr7Compatible; /** * Key/value pairs of the headers * * @var (Psr7Compatible is true ? array<string, non-empty-array<string>> : array<string, string>) */ public $headers = []; /** * Body of the response * * @var string */ public $body = ''; private const STATE_HTTP_VERSION = 'http_version'; private const STATE_STATUS = 'status'; private const STATE_REASON = 'reason'; private const STATE_NEW_LINE = 'new_line'; private const STATE_BODY = 'body'; private const STATE_NAME = 'name'; private const STATE_VALUE = 'value'; private const STATE_VALUE_CHAR = 'value_char'; private const STATE_QUOTE = 'quote'; private const STATE_QUOTE_ESCAPED = 'quote_escaped'; private const STATE_QUOTE_CHAR = 'quote_char'; private const STATE_CHUNKED = 'chunked'; private const STATE_EMIT = 'emit'; private const STATE_ERROR = false; /** * Current state of the state machine * * @var self::STATE_* */ protected $state = self::STATE_HTTP_VERSION; /** * Input data * * @var string */ protected $data = ''; /** * Input data length (to avoid calling strlen() everytime this is needed) * * @var int */ protected $data_length = 0; /** * Current position of the pointer * * @var int */ protected $position = 0; /** * Name of the header currently being parsed * * @var string */ protected $name = ''; /** * Value of the header currently being parsed * * @var string */ protected $value = ''; /** * Create an instance of the class with the input data * * @param string $data Input data * @param Psr7Compatible $psr7Compatible Whether the data types are in format compatible with PSR-7. */ public function __construct(string $data, bool $psr7Compatible = false) { $this->data = $data; $this->data_length = strlen($this->data); $this->psr7Compatible = $psr7Compatible; } /** * Parse the input data * * @return bool true on success, false on failure */ public function parse() { while ($this->state && $this->state !== self::STATE_EMIT && $this->has_data()) { $state = $this->state; $this->$state(); } $this->data = ''; if ($this->state === self::STATE_EMIT || $this->state === self::STATE_BODY) { return true; } // Reset the parser state. $this->http_version = 0.0; $this->status_code = 0; $this->reason = ''; $this->headers = []; $this->body = ''; return false; } /** * Check whether there is data beyond the pointer * * @return bool true if there is further data, false if not */ protected function has_data() { return (bool) ($this->position < $this->data_length); } /** * See if the next character is LWS * * @return bool true if the next character is LWS, false if not */ protected function is_linear_whitespace() { return (bool) ($this->data[$this->position] === "\x09" || $this->data[$this->position] === "\x20" || ($this->data[$this->position] === "\x0A" && isset($this->data[$this->position + 1]) && ($this->data[$this->position + 1] === "\x09" || $this->data[$this->position + 1] === "\x20"))); } /** * Parse the HTTP version * @return void */ protected function http_version() { if (strpos($this->data, "\x0A") !== false && strtoupper(substr($this->data, 0, 5)) === 'HTTP/') { $len = strspn($this->data, '0123456789.', 5); $http_version = substr($this->data, 5, $len); $this->position += 5 + $len; if (substr_count($http_version, '.') <= 1) { $this->http_version = (float) $http_version; $this->position += strspn($this->data, "\x09\x20", $this->position); $this->state = self::STATE_STATUS; } else { $this->state = self::STATE_ERROR; } } else { $this->state = self::STATE_ERROR; } } /** * Parse the status code * @return void */ protected function status() { if ($len = strspn($this->data, '0123456789', $this->position)) { $this->status_code = (int) substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_REASON; } else { $this->state = self::STATE_ERROR; } } /** * Parse the reason phrase * @return void */ protected function reason() { $len = strcspn($this->data, "\x0A", $this->position); $this->reason = trim(substr($this->data, $this->position, $len), "\x09\x0D\x20"); $this->position += $len + 1; $this->state = self::STATE_NEW_LINE; } private function add_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name][] = $value; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] .= ', ' . $value; } } private function replace_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name] = [$value]; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] = $value; } } /** * Deal with a new line, shifting data around as needed * @return void */ protected function new_line() { $this->value = trim($this->value, "\x0D\x20"); if ($this->name !== '' && $this->value !== '') { $this->name = strtolower($this->name); // We should only use the last Content-Type header. c.f. issue #1 if (isset($this->headers[$this->name]) && $this->name !== 'content-type') { $this->add_header($this->name, $this->value); } else { $this->replace_header($this->name, $this->value); } } $this->name = ''; $this->value = ''; if (substr($this->data[$this->position], 0, 2) === "\x0D\x0A") { $this->position += 2; $this->state = self::STATE_BODY; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; $this->state = self::STATE_BODY; } else { $this->state = self::STATE_NAME; } } /** * Parse a header name * @return void */ protected function name() { $len = strcspn($this->data, "\x0A:", $this->position); if (isset($this->data[$this->position + $len])) { if ($this->data[$this->position + $len] === "\x0A") { $this->position += $len; $this->state = self::STATE_NEW_LINE; } else { $this->name = substr($this->data, $this->position, $len); $this->position += $len + 1; $this->state = self::STATE_VALUE; } } else { $this->state = self::STATE_ERROR; } } /** * Parse LWS, replacing consecutive LWS characters with a single space * @return void */ protected function linear_whitespace() { do { if (substr($this->data, $this->position, 2) === "\x0D\x0A") { $this->position += 2; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; } $this->position += strspn($this->data, "\x09\x20", $this->position); } while ($this->has_data() && $this->is_linear_whitespace()); $this->value .= "\x20"; } /** * See what state to move to while within non-quoted header values * @return void */ protected function value() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': // Workaround for ETags: we have to include the quotes as // part of the tag. if (strtolower($this->name) === 'etag') { $this->value .= '"'; $this->position++; $this->state = self::STATE_VALUE_CHAR; break; } $this->position++; $this->state = self::STATE_QUOTE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; default: $this->state = self::STATE_VALUE_CHAR; break; } } } /** * Parse a header value while outside quotes * @return void */ protected function value_char() { $len = strcspn($this->data, "\x09\x20\x0A\"", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * See what state to move to while within quoted header values * @return void */ protected function quote() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': $this->position++; $this->state = self::STATE_VALUE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; case '\\': $this->position++; $this->state = self::STATE_QUOTE_ESCAPED; break; default: $this->state = self::STATE_QUOTE_CHAR; break; } } } /** * Parse a header value while within quotes * @return void */ protected function quote_char() { $len = strcspn($this->data, "\x09\x20\x0A\"\\", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * Parse an escaped character within quotes * @return void */ protected function quote_escaped() { $this->value .= $this->data[$this->position]; $this->position++; $this->state = self::STATE_QUOTE; } /** * Parse the body * @return void */ protected function body() { $this->body = substr($this->data, $this->position); if (!empty($this->headers['transfer-encoding'])) { unset($this->headers['transfer-encoding']); $this->state = self::STATE_CHUNKED; } else { $this->state = self::STATE_EMIT; } } /** * Parsed a "Transfer-Encoding: chunked" body * @return void */ protected function chunked() { if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($this->body))) { $this->state = self::STATE_EMIT; return; } $decoded = ''; $encoded = $this->body; while (true) { $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); if (!$is_chunked) { // Looks like it's not chunked after all $this->state = self::STATE_EMIT; return; } $length = hexdec(trim($matches[1])); // For PHPStan: this will only be float when larger than PHP_INT_MAX. // But even on 32-bit systems, it would mean 2GiB chunk, which sounds unlikely. \assert(\is_int($length), "Length needs to be shorter than PHP_INT_MAX"); if ($length === 0) { // Ignore trailer headers $this->state = self::STATE_EMIT; $this->body = $decoded; return; } $chunk_length = strlen($matches[0]); $decoded .= substr($encoded, $chunk_length, $length); $encoded = substr($encoded, $chunk_length + $length + 2); // BC for PHP < 8.0: substr() can return bool instead of string $encoded = ($encoded === false) ? '' : $encoded; if (trim($encoded) === '0' || empty($encoded)) { $this->state = self::STATE_EMIT; $this->body = $decoded; return; } } } /** * Prepare headers (take care of proxies headers) * * @param string $headers Raw headers * @param non-negative-int $count Redirection count. Default to 1. * * @return string */ public static function prepareHeaders(string $headers, int $count = 1) { $data = explode("\r\n\r\n", $headers, $count); $data = array_pop($data); if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } return $data; } } class_alias('SimplePie\HTTP\Parser', 'SimplePie_HTTP_Parser'); HTTP/https-migration-20260607013104.php 0000666 00000011205 15226703613 0012552 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/block-editor-20260605075227.php 0000666 00000071142 15226703613 0012021 0 ustar 00 <?php /** * Block Editor API. * * @package WordPress * @subpackage Editor * @since 5.8.0 */ /** * Returns the list of default categories for block types. * * @since 5.8.0 * @since 6.3.0 Reusable Blocks renamed to Patterns. * * @return array[] Array of categories for block types. */ function get_default_block_categories() { return array( array( 'slug' => 'text', 'title' => _x( 'Text', 'block category' ), 'icon' => null, ), array( 'slug' => 'media', 'title' => _x( 'Media', 'block category' ), 'icon' => null, ), array( 'slug' => 'design', 'title' => _x( 'Design', 'block category' ), 'icon' => null, ), array( 'slug' => 'widgets', 'title' => _x( 'Widgets', 'block category' ), 'icon' => null, ), array( 'slug' => 'theme', 'title' => _x( 'Theme', 'block category' ), 'icon' => null, ), array( 'slug' => 'embed', 'title' => _x( 'Embeds', 'block category' ), 'icon' => null, ), array( 'slug' => 'reusable', 'title' => _x( 'Patterns', 'block category' ), 'icon' => null, ), ); } /** * Returns all the categories for block types that will be shown in the block editor. * * @since 5.0.0 * @since 5.8.0 It is possible to pass the block editor context as param. * * @param WP_Post|WP_Block_Editor_Context $post_or_block_editor_context The current post object or * the block editor context. * * @return array[] Array of categories for block types. */ function get_block_categories( $post_or_block_editor_context ) { $block_categories = get_default_block_categories(); $block_editor_context = $post_or_block_editor_context instanceof WP_Post ? new WP_Block_Editor_Context( array( 'post' => $post_or_block_editor_context, ) ) : $post_or_block_editor_context; /** * Filters the default array of categories for block types. * * @since 5.8.0 * * @param array[] $block_categories Array of categories for block types. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $block_categories = apply_filters( 'block_categories_all', $block_categories, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the default array of categories for block types. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_categories_all'} filter instead. * * @param array[] $block_categories Array of categories for block types. * @param WP_Post $post Post being loaded. */ $block_categories = apply_filters_deprecated( 'block_categories', array( $block_categories, $post ), '5.8.0', 'block_categories_all' ); } return $block_categories; } /** * Gets the list of allowed block types to use in the block editor. * * @since 5.8.0 * * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return bool|string[] Array of block type slugs, or boolean to enable/disable all. */ function get_allowed_block_types( $block_editor_context ) { $allowed_block_types = true; /** * Filters the allowed block types for all editor types. * * @since 5.8.0 * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported). * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $allowed_block_types = apply_filters( 'allowed_block_types_all', $allowed_block_types, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the allowed block types for the editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'allowed_block_types_all'} filter instead. * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported) * @param WP_Post $post The post resource data. */ $allowed_block_types = apply_filters_deprecated( 'allowed_block_types', array( $allowed_block_types, $post ), '5.8.0', 'allowed_block_types_all' ); } return $allowed_block_types; } /** * Returns the default block editor settings. * * @since 5.8.0 * * @return array The default block editor settings. */ function get_default_block_editor_settings() { // Media settings. // wp_max_upload_size() can be expensive, so only call it when relevant for the current user. $max_upload_size = 0; if ( current_user_can( 'upload_files' ) ) { $max_upload_size = wp_max_upload_size(); if ( ! $max_upload_size ) { $max_upload_size = 0; } } /** This filter is documented in wp-admin/includes/media.php */ $image_size_names = apply_filters( 'image_size_names_choose', array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ) ); $available_image_sizes = array(); foreach ( $image_size_names as $image_size_slug => $image_size_name ) { $available_image_sizes[] = array( 'slug' => $image_size_slug, 'name' => $image_size_name, ); } $default_size = get_option( 'image_default_size', 'large' ); $image_default_size = in_array( $default_size, array_keys( $image_size_names ), true ) ? $default_size : 'large'; $image_dimensions = array(); $all_sizes = wp_get_registered_image_subsizes(); foreach ( $available_image_sizes as $size ) { $key = $size['slug']; if ( isset( $all_sizes[ $key ] ) ) { $image_dimensions[ $key ] = $all_sizes[ $key ]; } } // These styles are used if the "no theme styles" options is triggered or on // themes without their own editor styles. $default_editor_styles_file = ABSPATH . WPINC . '/css/dist/block-editor/default-editor-styles.css'; static $default_editor_styles_file_contents = false; if ( ! $default_editor_styles_file_contents && file_exists( $default_editor_styles_file ) ) { $default_editor_styles_file_contents = file_get_contents( $default_editor_styles_file ); } $default_editor_styles = array(); if ( $default_editor_styles_file_contents ) { $default_editor_styles = array( array( 'css' => $default_editor_styles_file_contents ), ); } $editor_settings = array( 'alignWide' => get_theme_support( 'align-wide' ), 'allowedBlockTypes' => true, 'allowedMimeTypes' => get_allowed_mime_types(), 'defaultEditorStyles' => $default_editor_styles, 'blockCategories' => get_default_block_categories(), 'isRTL' => is_rtl(), 'imageDefaultSize' => $image_default_size, 'imageDimensions' => $image_dimensions, 'imageEditing' => true, 'imageSizes' => $available_image_sizes, 'maxUploadFileSize' => $max_upload_size, '__experimentalDashboardLink' => admin_url( '/' ), // The following flag is required to enable the new Gallery block format on the mobile apps in 5.9. '__unstableGalleryWithImageBlocks' => true, ); $theme_settings = get_classic_theme_supports_block_editor_settings(); foreach ( $theme_settings as $key => $value ) { $editor_settings[ $key ] = $value; } return $editor_settings; } /** * Returns the block editor settings needed to use the Legacy Widget block which * is not registered by default. * * @since 5.8.0 * * @return array Settings to be used with get_block_editor_settings(). */ function get_legacy_widget_block_editor_settings() { $editor_settings = array(); /** * Filters the list of widget-type IDs that should **not** be offered by the * Legacy Widget block. * * Returning an empty array will make all widgets available. * * @since 5.8.0 * * @param string[] $widgets An array of excluded widget-type IDs. */ $editor_settings['widgetTypesToHideFromLegacyWidgetBlock'] = apply_filters( 'widget_types_to_hide_from_legacy_widget_block', array( 'pages', 'calendar', 'archives', 'media_audio', 'media_image', 'media_gallery', 'media_video', 'search', 'text', 'categories', 'recent-posts', 'recent-comments', 'rss', 'tag_cloud', 'custom_html', 'block', ) ); return $editor_settings; } /** * Collect the block editor assets that need to be loaded into the editor's iframe. * * @since 6.0.0 * @access private * * @global WP_Styles $wp_styles The WP_Styles current instance. * @global WP_Scripts $wp_scripts The WP_Scripts current instance. * * @return array { * The block editor assets. * * @type string|false $styles String containing the HTML for styles. * @type string|false $scripts String containing the HTML for scripts. * } */ function _wp_get_iframed_editor_assets() { global $wp_styles, $wp_scripts; // Keep track of the styles and scripts instance to restore later. $current_wp_styles = $wp_styles; $current_wp_scripts = $wp_scripts; // Create new instances to collect the assets. $wp_styles = new WP_Styles(); $wp_scripts = new WP_Scripts(); /* * Register all currently registered styles and scripts. The actions that * follow enqueue assets, but don't necessarily register them. */ $wp_styles->registered = $current_wp_styles->registered; $wp_scripts->registered = $current_wp_scripts->registered; /* * We generally do not need reset styles for the iframed editor. * However, if it's a classic theme, margins will be added to every block, * which is reset specifically for list items, so classic themes rely on * these reset styles. */ $wp_styles->done = wp_theme_has_theme_json() ? array( 'wp-reset-editor-styles' ) : array(); wp_enqueue_script( 'wp-polyfill' ); // Enqueue the `editorStyle` handles for all core block, and dependencies. wp_enqueue_style( 'wp-edit-blocks' ); if ( current_theme_supports( 'wp-block-styles' ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /* * We don't want to load EDITOR scripts in the iframe, only enqueue * front-end assets for the content. */ add_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); do_action( 'enqueue_block_assets' ); remove_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Additionally, do enqueue `editorStyle` assets for all blocks, which * contains editor-only styling for blocks (editor content). */ foreach ( $block_registry->get_all_registered() as $block_type ) { if ( isset( $block_type->editor_style_handles ) && is_array( $block_type->editor_style_handles ) ) { foreach ( $block_type->editor_style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } } } /** * Remove the deprecated `print_emoji_styles` handler. * It avoids breaking style generation with a deprecation message. */ $has_emoji_styles = has_action( 'wp_print_styles', 'print_emoji_styles' ); if ( $has_emoji_styles ) { remove_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_styles(); wp_print_font_faces(); wp_print_font_faces_from_style_variations(); $styles = ob_get_clean(); if ( $has_emoji_styles ) { add_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_head_scripts(); wp_print_footer_scripts(); $scripts = ob_get_clean(); // Restore the original instances. $wp_styles = $current_wp_styles; $wp_scripts = $current_wp_scripts; return array( 'styles' => $styles, 'scripts' => $scripts, ); } /** * Finds the first occurrence of a specific block in an array of blocks. * * @since 6.3.0 * * @param array $blocks Array of blocks. * @param string $block_name Name of the block to find. * @return array Found block, or empty array if none found. */ function wp_get_first_block( $blocks, $block_name ) { foreach ( $blocks as $block ) { if ( $block_name === $block['blockName'] ) { return $block; } if ( ! empty( $block['innerBlocks'] ) ) { $found_block = wp_get_first_block( $block['innerBlocks'], $block_name ); if ( ! empty( $found_block ) ) { return $found_block; } } } return array(); } /** * Retrieves Post Content block attributes from the current post template. * * @since 6.3.0 * @since 6.4.0 Return null if there is no post content block. * @access private * * @global int $post_ID * * @return array|null Post Content block attributes array or null if Post Content block doesn't exist. */ function wp_get_post_content_block_attributes() { global $post_ID; $is_block_theme = wp_is_block_theme(); if ( ! $is_block_theme || ! $post_ID ) { return null; } $template_slug = get_page_template_slug( $post_ID ); if ( ! $template_slug ) { $post_slug = 'singular'; $page_slug = 'singular'; $template_types = get_block_templates(); foreach ( $template_types as $template_type ) { if ( 'page' === $template_type->slug ) { $page_slug = 'page'; } if ( 'single' === $template_type->slug ) { $post_slug = 'single'; } } $what_post_type = get_post_type( $post_ID ); switch ( $what_post_type ) { case 'page': $template_slug = $page_slug; break; default: $template_slug = $post_slug; break; } } $current_template = get_block_templates( array( 'slug__in' => array( $template_slug ) ) ); if ( ! empty( $current_template ) ) { $template_blocks = parse_blocks( $current_template[0]->content ); $post_content_block = wp_get_first_block( $template_blocks, 'core/post-content' ); if ( isset( $post_content_block['attrs'] ) ) { return $post_content_block['attrs']; } } return null; } /** * Returns the contextualized block editor settings for a selected editor context. * * @since 5.8.0 * * @param array $custom_settings Custom settings to use with the given editor type. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return array The contextualized block editor settings. */ function get_block_editor_settings( array $custom_settings, $block_editor_context ) { $editor_settings = array_merge( get_default_block_editor_settings(), array( 'allowedBlockTypes' => get_allowed_block_types( $block_editor_context ), 'blockCategories' => get_block_categories( $block_editor_context ), ), $custom_settings ); $editor_settings['__experimentalBlockBindingsSupportedAttributes'] = array(); foreach ( array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() ) as $block_type ) { $supported_block_attributes = get_block_bindings_supported_attributes( $block_type ); if ( ! empty( $supported_block_attributes ) ) { $editor_settings['__experimentalBlockBindingsSupportedAttributes'][ $block_type ] = $supported_block_attributes; } } $global_styles = array(); $presets = array( array( 'css' => 'variables', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), array( 'css' => 'presets', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), ); foreach ( $presets as $preset_style ) { $actual_css = wp_get_global_stylesheet( array( $preset_style['css'] ) ); if ( '' !== $actual_css ) { $preset_style['css'] = $actual_css; $global_styles[] = $preset_style; } } if ( wp_theme_has_theme_json() ) { $block_classes = array( 'css' => 'styles', '__unstableType' => 'theme', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } /* * Add the custom CSS as a separate stylesheet so any invalid CSS * entered by users does not break other global styles. */ $global_styles[] = array( 'css' => wp_get_global_stylesheet( array( 'custom-css' ) ), '__unstableType' => 'user', 'isGlobalStyles' => true, ); } else { // If there is no `theme.json` file, ensure base layout styles are still available. $block_classes = array( 'css' => 'base-layout-styles', '__unstableType' => 'base-layout', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } } $editor_settings['styles'] = array_merge( $global_styles, get_block_editor_theme_styles() ); $editor_settings['__experimentalFeatures'] = wp_get_global_settings(); // These settings may need to be updated based on data coming from theme.json sources. if ( isset( $editor_settings['__experimentalFeatures']['color']['palette'] ) ) { $colors_by_origin = $editor_settings['__experimentalFeatures']['color']['palette']; $editor_settings['colors'] = isset( $colors_by_origin['custom'] ) ? $colors_by_origin['custom'] : ( isset( $colors_by_origin['theme'] ) ? $colors_by_origin['theme'] : $colors_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['gradients'] ) ) { $gradients_by_origin = $editor_settings['__experimentalFeatures']['color']['gradients']; $editor_settings['gradients'] = isset( $gradients_by_origin['custom'] ) ? $gradients_by_origin['custom'] : ( isset( $gradients_by_origin['theme'] ) ? $gradients_by_origin['theme'] : $gradients_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['fontSizes'] ) ) { $font_sizes_by_origin = $editor_settings['__experimentalFeatures']['typography']['fontSizes']; $editor_settings['fontSizes'] = isset( $font_sizes_by_origin['custom'] ) ? $font_sizes_by_origin['custom'] : ( isset( $font_sizes_by_origin['theme'] ) ? $font_sizes_by_origin['theme'] : $font_sizes_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['custom'] ) ) { $editor_settings['disableCustomColors'] = ! $editor_settings['__experimentalFeatures']['color']['custom']; unset( $editor_settings['__experimentalFeatures']['color']['custom'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ) ) { $editor_settings['disableCustomGradients'] = ! $editor_settings['__experimentalFeatures']['color']['customGradient']; unset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ) ) { $editor_settings['disableCustomFontSizes'] = ! $editor_settings['__experimentalFeatures']['typography']['customFontSize']; unset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ) ) { $editor_settings['enableCustomLineHeight'] = $editor_settings['__experimentalFeatures']['typography']['lineHeight']; unset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['units'] ) ) { $editor_settings['enableCustomUnits'] = $editor_settings['__experimentalFeatures']['spacing']['units']; unset( $editor_settings['__experimentalFeatures']['spacing']['units'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ) ) { $editor_settings['enableCustomSpacing'] = $editor_settings['__experimentalFeatures']['spacing']['padding']; unset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ) ) { $editor_settings['disableCustomSpacingSizes'] = ! $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize']; unset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['spacingSizes'] ) ) { $spacing_sizes_by_origin = $editor_settings['__experimentalFeatures']['spacing']['spacingSizes']; $editor_settings['spacingSizes'] = isset( $spacing_sizes_by_origin['custom'] ) ? $spacing_sizes_by_origin['custom'] : ( isset( $spacing_sizes_by_origin['theme'] ) ? $spacing_sizes_by_origin['theme'] : $spacing_sizes_by_origin['default'] ); } $editor_settings['__unstableResolvedAssets'] = _wp_get_iframed_editor_assets(); $editor_settings['__unstableIsBlockBasedTheme'] = wp_is_block_theme(); $editor_settings['localAutosaveInterval'] = 15; $editor_settings['disableLayoutStyles'] = current_theme_supports( 'disable-layout-styles' ); $editor_settings['__experimentalDiscussionSettings'] = array( 'commentOrder' => get_option( 'comment_order' ), 'commentsPerPage' => get_option( 'comments_per_page' ), 'defaultCommentsPage' => get_option( 'default_comments_page' ), 'pageComments' => get_option( 'page_comments' ), 'threadComments' => get_option( 'thread_comments' ), 'threadCommentsDepth' => get_option( 'thread_comments_depth' ), 'defaultCommentStatus' => get_option( 'default_comment_status' ), 'avatarURL' => get_avatar_url( '', array( 'size' => 96, 'force_default' => true, 'default' => get_option( 'avatar_default' ), ) ), ); $post_content_block_attributes = wp_get_post_content_block_attributes(); if ( isset( $post_content_block_attributes ) ) { $editor_settings['postContentAttributes'] = $post_content_block_attributes; } $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context ); /** * Filters the settings to pass to the block editor for all editor type. * * @since 5.8.0 * * @param array $editor_settings Default editor settings. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $editor_settings = apply_filters( 'block_editor_settings_all', $editor_settings, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the settings to pass to the block editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_settings_all'} filter instead. * * @param array $editor_settings Default editor settings. * @param WP_Post $post Post being edited. */ $editor_settings = apply_filters_deprecated( 'block_editor_settings', array( $editor_settings, $post ), '5.8.0', 'block_editor_settings_all' ); } return $editor_settings; } /** * Preloads common data used with the block editor by specifying an array of * REST API paths that will be preloaded for a given block editor context. * * @since 5.8.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param (string|string[])[] $preload_paths List of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ function block_editor_rest_api_preload( array $preload_paths, $block_editor_context ) { global $post, $wp_scripts, $wp_styles; /** * Filters the array of REST API paths that will be used to preloaded common data for the block editor. * * @since 5.8.0 * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $preload_paths = apply_filters( 'block_editor_rest_api_preload_paths', $preload_paths, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $selected_post = $block_editor_context->post; /** * Filters the array of paths that will be preloaded. * * Preload common data by specifying an array of REST API paths that will be preloaded. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_rest_api_preload_paths'} filter instead. * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Post $selected_post Post being edited. */ $preload_paths = apply_filters_deprecated( 'block_editor_preload_paths', array( $preload_paths, $selected_post ), '5.8.0', 'block_editor_rest_api_preload_paths' ); } if ( empty( $preload_paths ) ) { return; } /* * Ensure the global $post, $wp_scripts, and $wp_styles remain the same after * API data is preloaded. * Because API preloading can call the_content and other filters, plugins * can unexpectedly modify the global $post or enqueue assets which are not * intended for the block editor. */ $backup_global_post = ! empty( $post ) ? clone $post : $post; $backup_wp_scripts = ! empty( $wp_scripts ) ? clone $wp_scripts : $wp_scripts; $backup_wp_styles = ! empty( $wp_styles ) ? clone $wp_styles : $wp_styles; foreach ( $preload_paths as &$path ) { if ( is_string( $path ) && ! str_starts_with( $path, '/' ) ) { $path = '/' . $path; continue; } if ( is_array( $path ) && is_string( $path[0] ) && ! str_starts_with( $path[0], '/' ) ) { $path[0] = '/' . $path[0]; } } unset( $path ); $preload_data = array_reduce( $preload_paths, 'rest_preload_api_request', array() ); // Restore the global $post, $wp_scripts, and $wp_styles as they were before API preloading. $post = $backup_global_post; $wp_scripts = $backup_wp_scripts; $wp_styles = $backup_wp_styles; wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Creates an array of theme styles to load into the block editor. * * @since 5.8.0 * * @global array $editor_styles * * @return array An array of theme styles for the block editor. */ function get_block_editor_theme_styles() { global $editor_styles; $styles = array(); if ( $editor_styles && current_theme_supports( 'editor-styles' ) ) { foreach ( $editor_styles as $style ) { if ( preg_match( '~^(https?:)?//~', $style ) ) { $response = wp_remote_get( $style ); if ( ! is_wp_error( $response ) ) { $styles[] = array( 'css' => wp_remote_retrieve_body( $response ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } else { $file = get_theme_file_path( $style ); if ( is_file( $file ) ) { $styles[] = array( 'css' => file_get_contents( $file ), 'baseURL' => get_theme_file_uri( $style ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } } } return $styles; } /** * Returns the classic theme supports settings for block editor. * * @since 6.2.0 * @since 6.6.0 Add support for 'editor-spacing-sizes' theme support. * * @return array The classic theme supports settings. */ function get_classic_theme_supports_block_editor_settings() { $theme_settings = array( 'disableCustomColors' => get_theme_support( 'disable-custom-colors' ), 'disableCustomFontSizes' => get_theme_support( 'disable-custom-font-sizes' ), 'disableCustomGradients' => get_theme_support( 'disable-custom-gradients' ), 'disableLayoutStyles' => get_theme_support( 'disable-layout-styles' ), 'enableCustomLineHeight' => get_theme_support( 'custom-line-height' ), 'enableCustomSpacing' => get_theme_support( 'custom-spacing' ), 'enableCustomUnits' => get_theme_support( 'custom-units' ), ); // Theme settings. $color_palette = current( (array) get_theme_support( 'editor-color-palette' ) ); if ( false !== $color_palette ) { $theme_settings['colors'] = $color_palette; } $font_sizes = current( (array) get_theme_support( 'editor-font-sizes' ) ); if ( false !== $font_sizes ) { $theme_settings['fontSizes'] = $font_sizes; } $gradient_presets = current( (array) get_theme_support( 'editor-gradient-presets' ) ); if ( false !== $gradient_presets ) { $theme_settings['gradients'] = $gradient_presets; } $spacing_sizes = current( (array) get_theme_support( 'editor-spacing-sizes' ) ); if ( false !== $spacing_sizes ) { $theme_settings['spacingSizes'] = $spacing_sizes; } return $theme_settings; } /** * Initialize site preview. * * This function sets IFRAME_REQUEST to true if the site preview parameter is set. * * @since 6.8.0 */ function wp_initialize_site_preview_hooks() { if ( ! defined( 'IFRAME_REQUEST' ) && isset( $_GET['wp_site_preview'] ) && 1 === (int) $_GET['wp_site_preview'] && current_user_can( 'edit_theme_options' ) ) { define( 'IFRAME_REQUEST', true ); } } HTTP/https-migration-20260607015444-20260608145631.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-loader-react-refresh-runtime.min.php 0000666 00000000124 15226703613 0015605 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-migration-20260605171955.php 0000666 00000011205 15226703613 0012573 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605140327-20260610014532.php 0000666 00000011205 15226703613 0014135 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260607025520-20260609172536.php 0000666 00000013341 15226703613 0014145 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-theme-json-20260605041122.php 0000666 00000500773 15226703613 0013235 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/https-migration-20260605144611-20260609155642.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605125016-20260609004110.php 0000666 00000011205 15226703613 0014132 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605102734-20260606220935.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260608070514-20260610035649.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-processor-20260605080036.php 0000666 00000210507 15226703613 0014273 0 ustar 00 <?php /** * Efficiently scan through block structure in document without parsing * the entire block tree and all of its JSON attributes into memory. * * @package WordPress * @subpackage Blocks * @since 6.9.0 */ /** * Class for efficiently scanning through block structure in a document * without parsing the entire block tree and JSON attributes into memory. * * ## Overview * * This class is designed to help analyze and modify block structure in a * streaming fashion and to bridge the gap between parsed block trees and * the text representing them. * * Use-cases for this class include but are not limited to: * * - Counting block types in a document. * - Queuing stylesheets based on the presence of various block types. * - Modifying blocks of a given type, i.e. migrations, updates, and styling. * - Searching for content of specific kinds, e.g. checking for blocks * with certain theme support attributes, or block bindings. * - Adding CSS class names to the element wrapping a block’s inner blocks. * * > *Note!* If a fully-parsed block tree of a document is necessary, including * > all the parsed JSON attributes, nested blocks, and HTML, consider * > using {@see \parse_blocks()} instead which will parse the document * > in one swift pass. * * For typical usage, jump first to the methods {@see self::next_block()}, * {@see self::next_delimiter()}, or {@see self::next_token()}. * * ### Values * * As a lower-level interface than {@see parse_blocks()} this class follows * different performance-focused values: * * - Minimize allocations so that documents of any size may be processed * on a fixed or marginal amount of memory. * - Make hidden costs explicit so that calling code only has to pay the * performance penalty for features it needs. * - Operate with a streaming and re-entrant design to make it possible * to operate on chunks of a document and to resume after pausing. * * This means that some operations might appear more cumbersome than one * might expect. This design tradeoff opens up opportunity to wrap this in * a convenience class to add higher-level functionality. * * ## Concepts * * All text documents can be considered a block document containing a combination * of “freeform HTML” and explicit block structure. Block structure forms through * special HTML comments called _delimiters_ which include a block type and, * optionally, block attributes encoded as a JSON object payload. * * This processor is designed to scan through a block document from delimiter to * delimiter, tracking how the delimiters impact the structure of the document. * Spans of HTML appear between delimiters. If these spans exist at the top level * of the document, meaning there is no containing block around them, they are * considered freeform HTML content. If, however, they appear _inside_ block * structure they are interpreted as `innerHTML` for the containing block. * * ### Tokens and scanning * * As the processor scans through a document is reports information about the token * on which is pauses. Tokens represent spans of text in the input comprising block * delimiters and spans of HTML. * * - {@see self::next_token()} visits every contiguous subspan of text in the * input document. This includes all explicit block comment delimiters and spans * of HTML content (whether freeform or inner HTML). * - {@see self::next_delimiter()} visits every explicit block comment delimiter * unless passed a block type which covers freeform HTML content. In these cases * it will stop at top-level spans of HTML and report a `null` block type. * - {@see self::next_block()} visits every block delimiter which _opens_ a block. * This includes opening block delimiters as well as void block delimiters. With * the same exception as above for freeform HTML block types, this will visit * top-level spans of HTML content. * * When matched on a particular token, the following methods provide structural * and textual information about it: * * - {@see self::get_delimiter_type()} reports whether the delimiter is an opener, * a closer, or if it represents a whole void block. * - {@see self::get_block_type()} reports the fully-qualified block type which * the delimiter represents. * - {@see self::get_printable_block_type()} reports the fully-qualified block type, * but returns `core/freeform` instead of `null` for top-level freeform HTML content. * - {@see self::is_block_type()} indicates if the delimiter represents a block of * the given block type, or wildcard or pseudo-block type described below. * - {@see self::opens_block()} indicates if the delimiter opens a block of one * of the provided block types. Opening, void, and top-level freeform HTML content * all open blocks. * - {@see static::get_attributes()} is currently reserved for a future streaming * JSON parser class. * - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes * for delimiters which open blocks and return the fully-parsed attributes as an * associative array. {@see static::get_last_json_error()} for when this fails. * - {@see self::is_html()} indicates if the token is a span of HTML which might * be top-level freeform content or a block’s inner HTML. * - {@see self::get_html_content()} returns the span of HTML. * - {@see self::get_span()} for the byte offset and length into the input document * representing the token. * * It’s possible for the processor to fail to scan forward if the input document ends * in a proper prefix of an explicit block comment delimiter. For example, if the input * ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser * cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()} * to distinguish between a failure to find the next token and an incomplete input. * * ### Block types * * A block’s “type” comprises an optional _namespace_ and _name_. If the namespace * isn’t provided it will be interpreted as the implicit `core` namespace. For example, * the type `gallery` is the name of the block in the `core` namespace, but the type * `abc/gallery` is the _fully-qualified_ block type for the block whose name is still * `gallery`, but in the `abc` namespace. * * Methods on this class are aware of this block naming semantic and anywhere a block * type is an argument to a method it will be normalized to account for implicit namespaces. * Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere * this class returns a block type, it will return the fully-qualified and normalized form. * For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the * block type. * * There are two special block types that change the behavior of the processor: * * - The wildcard `*` represents _any block_. In addition to matching all block types, * it also represents top-level freeform HTML whose block type is reported as `null`. * * - The `core/freeform` block type is a pseudo-block type which explicitly matches * top-level freeform HTML. * * These special block types can be passed into any method which searches for blocks. * * There is one additional special block type which may be returned from * {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which * indicates that the HTML span on which the processor is paused is inner HTML for * a containing block. * * ### Spans of HTML * * Non-block content plays a complicated role in processing block documents. This * processor exposes tools to help work with these spans of HTML. * * - {@see self::is_html()} indicates if the processor is paused at a span of * HTML but does not differentiate between top-level freeform content and inner HTML. * - {@see self::is_non_whitespace_html()} indicates not only if the processor * is paused at a span of HTML, but also whether that span incorporates more than * whitespace characters. Because block serialization often inserts newlines between * block comment delimiters, this is useful for distinguishing “real” freeform * content from purely aesthetic syntax. * - {@see self::is_block_type()} matches top-level freeform HTML content when * provided one of the special block types described above. * * ### Block structure * * As the processor traverses block delimiters it maintains a stack of which blocks are * open at the given place in the document where it’s paused. This stack represents the * block structure of a document and is used to determine where blocks end, which blocks * represent inner blocks, whether a span of HTML is top-level freeform content, and * more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an * array of block types starting at the outermost-open block and descending to the * currently-visited block. * * Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special * reported block type `#html`. Such a span represents inner HTML for a block if the * depth reported by {@see self::get_depth()} is greater than one. * * It will generally not be necessary to inspect the stack of open blocks, though * depth may be important for finding where blocks end. When visiting a block opener, * the depth will have been increased before pausing; in contrast the depth is * decremented before visiting a closer. This makes the following an easy way to * determine if a block is still open. * * Example: * * $depth = $processor->get_depth(); * while ( $processor->next_token() && $processor->get_depth() > $depth ) { * continue * } * // Processor is now paused at the token immediately following the closed block. * * #### Extracting blocks * * A unique feature of this processor is the ability to return the same output as * {@see \parse_blocks()} would produce, but for a subset of the input document. * For example, it’s possible to extract an image block, manipulate that parsed * block, and re-serialize it into the original document. It’s possible to do so * while skipping over the parse of the rest of the document. * * {@see self::extract_full_block_and_advance()} will scan forward from the current block opener * and build the parsed block structure until the current block is closed. It will * include all inner HTML and inner blocks, and parse all of the inner blocks. It * can be used to extract a block at any depth in the document, helpful for operating * on blocks within nested structure. * * Example: * * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery_block = $processor->extract_full_block_and_advance(); * $after_gallery = $processor->get_span()->start; * return ( * substr( $post_content, 0, $gallery_at ) . * serialize_block( modify_gallery( $gallery_block ) . * substr( $post_content, $after_gallery ) * ); * * #### Handling of malformed structure * * There are situations where closing block delimiters appear for which no open block * exists, or where a document ends before a block is closed, or where a closing block * delimiter appears but references a different block type than the most-recently * opened block does. In all of these cases, the stack of open blocks should mirror * the behavior in {@see \parse_blocks()}. * * Unlike {@see \parse_blocks()}, however, this processor can still operate on the * invalid block delimiters. It provides a few functions which can be used for building * custom and non-spec-compliant error handling. * * - {@see self::has_closing_flag()} indicates if the block delimiter contains the * closing flag at the end. Some invalid block delimiters might contain both the * void and closing flag, in which case {@see self::get_delimiter_type()} will * report that it’s a void block. * - {@see static::get_last_error()} indicates if the processor reached an invalid * block closing. Depending on the context, {@see \parse_blocks()} might instead * ignore the token or treat it as freeform HTML content. * * ## Static helpers * * This class provides helpers for performing semantic block-related operations. * * - {@see self::normalize_block_type()} takes a block type with or without the * implicit `core` namespace and returns a fully-qualified block type. * - {@see self::are_equal_block_types()} indicates if two spans across one or * more input texts represent the same fully-qualified block type. * * ## Subclassing * * This processor is designed to accurately parse a block document. Therefore, many * of its methods are not meant for subclassing. However, overall this class supports * building higher-level convenience classes which may choose to subclass it. For those * classes, avoid re-implementing methods except for the list below. Instead, create * new names representing the higher-level concepts being introduced. For example, instead * of creating a new method named `next_block()` which only advances to blocks of a given * kind, consider creating a new method named something like `next_layout_block()` which * won’t interfere with the base class method. * * - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass * which aren’t intrinsic to block parsing. * - {@see static::get_attributes()} may be reimplemented to provide a streaming interface * to reading and modifying a block’s JSON attributes. It should be fast and memory efficient. * - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced * with a reimplementation of {@see static::get_attributes()}. * * @since 6.9.0 */ class WP_Block_Processor { /** * Indicates if the last operation failed, otherwise * will be `null` for success. * * @since 6.9.0 * * @var string|null */ private $last_error = null; /** * Indicates failures from decoding JSON attributes. * * @since 6.9.0 * * @see \json_last_error() * * @var int */ private $last_json_error = JSON_ERROR_NONE; /** * Source text provided to processor. * * @since 6.9.0 * * @var string */ protected $source_text; /** * Byte offset into source text where a matched delimiter starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰─ Starts at byte offset 17. * * @since 6.9.0 * * @var int */ private $matched_delimiter_at = 0; /** * Byte length of full span of a matched delimiter. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $matched_delimiter_length = 0; /** * First byte offset into source text following any previously-matched delimiter. * Used to indicate where an HTML span starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 55 * <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨ * │ ╰─ This delimiter was matched, and after matching, * │ revealed the preceding HTML span. * │ * ╰─ The first byte offset after the previous matched delimiter * is 21. Because the matched delimiter starts at 55, which is after * this, a span of HTML must exist between these boundaries. * * @since 6.9.0 * * @var int */ private $after_previous_delimiter = 0; /** * Byte offset where namespace span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block name. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $namespace_at = 0; /** * Byte offset where block name span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block namespace. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $name_at = 0; /** * Byte length of block name span. * * Example: * * 5 10 15 20 25 * <!-- wp:core/gallery --> * ╰─────╯ * 7 bytes long. * * @since 6.9.0 * * @var int */ private $name_length = 0; /** * Whether the delimiter contains the block-closing flag. * * This may be erroneous if present within a void block, * therefore the {@see self::has_closing_flag()} can be used by * calling code to perform custom error-handling. * * @since 6.9.0 * * @var bool */ private $has_closing_flag = false; /** * Byte offset where JSON attributes span begins. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰─ Starts at byte offset 18. * * @since 6.9.0 * * @var int */ private $json_at; /** * Byte length of JSON attributes span, or 0 if none are present. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $json_length = 0; /** * Internal parser state, differentiating whether the instance is currently matched, * on an implicit freeform node, in error, or ready to begin parsing. * * @see self::READY * @see self::MATCHED * @see self::HTML_SPAN * @see self::INCOMPLETE_INPUT * @see self::COMPLETE * * @since 6.9.0 * * @var string */ protected $state = self::READY; /** * Indicates what kind of block comment delimiter was matched. * * One of: * * - {@see self::OPENER} If the delimiter is opening a block. * - {@see self::CLOSER} If the delimiter is closing an open block. * - {@see self::VOID} If the delimiter represents a void block with no inner content. * * If a parsed comment delimiter contains both the closing and the void * flags then it will be interpreted as a void block to match the behavior * of the official block parser, however, this is a syntax error and probably * the block ought to close an open block of the same name, if one is open. * * @since 6.9.0 * * @var string */ private $type; /** * Whether the last-matched delimiter acts like a void block and should be * popped from the stack of open blocks as soon as the parser advances. * * This applies to void block delimiters and to HTML spans. * * @since 6.9.0 * * @var bool */ private $was_void = false; /** * For every open block, in hierarchical order, this stores the byte offset * into the source text where the block type starts, including for HTML spans. * * To avoid allocating and normalizing block names when they aren’t requested, * the stack of open blocks is stored as the byte offsets and byte lengths of * each open block’s block type. This allows for minimal tracking and quick * reading or comparison of block types when requested. * * @since 6.9.0 * * @see self::$open_blocks_length * * @var int[] */ private $open_blocks_at = array(); /** * For every open block, in hierarchical order, this stores the byte length * of the block’s block type in the source text. For HTML spans this is 0. * * @since 6.9.0 * * @see self::$open_blocks_at * * @var int[] */ private $open_blocks_length = array(); /** * Indicates which operation should apply to the stack of open blocks after * processing any pending spans of HTML. * * Since HTML spans are discovered after matching block delimiters, those * delimiters need to defer modifying the stack of open blocks. This value, * if set, indicates what operation should be applied. The properties * associated with token boundaries still point to the delimiters even * when processing HTML spans, so there’s no need to track them independently. * * @var 'push'|'void'|'pop'|null */ private $next_stack_op = null; /** * Creates a new block processor. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( $processor->next_block( 'core/image' ) ) { * echo "Found an image!\n"; * } * * @see self::next_block() to advance to the start of the next block (skips closers). * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @since 6.9.0 * * @param string $source_text Input document potentially containing block content. */ public function __construct( string $source_text ) { $this->source_text = $source_text; } /** * Advance to the next block delimiter which opens a block, indicating if one was found. * * Delimiters which open blocks include opening and void block delimiters. To visit * freeform HTML content, pass the wildcard “*” as the block type. * * Use this function to walk through the blocks in a document, pausing where they open. * * Example blocks: * * // The first delimiter opens the paragraph block. * <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph--> * * // The void block is the first opener in this sequence of closers. * <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group --> * * // If, however, `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p> * * Example: * * // Find all textual ranges of image block opening delimiters. * $images = array(); * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( 'core/image' ) ) { * $images[] = $processor->get_span(); * } * * In some cases it may be useful to conditionally visit the implicit freeform * blocks, such as when determining if a post contains freeform content that * isn’t purely whitespace. * * Example: * * $seen_block_types = []; * $block_type = '*'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( $block_type ) { * // Stop wasting time visiting freeform blocks after one has been found. * if ( * '*' === $block_type && * null === $processor->get_block_type() && * $processor->is_non_whitespace_html() * ) { * $block_type = null; * $seen_block_types['core/freeform'] = true; * continue; * } * * $seen_block_types[ $processor->get_block_type() ] = true; * } * * @since 6.9.0 * * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @param string|null $block_type Optional. If provided, advance until a block of this type is found. * Default is to stop at any block regardless of its type. * @return bool Whether an opening delimiter for a block was found. */ public function next_block( ?string $block_type = null ): bool { while ( $this->next_delimiter( $block_type ) ) { if ( self::CLOSER !== $this->get_delimiter_type() ) { return true; } } return false; } /** * Advance to the next block delimiter in a document, indicating if one was found. * * Delimiters may include invalid JSON. This parser does not attempt to parse the * JSON attributes until requested; when invalid, the attributes will be null. This * matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content, * pass the wildcard “*” as the block type. * * Use this function to walk through the block delimiters in a document. * * Example delimiters: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * * // If the wildcard `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p> * * Example: * * $html = '<!-- wp:void /-->\n<!-- wp:void /-->'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() { * // Runs twice, seeing both void blocks of type “core/void.” * } * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter( '*' ) ) { * // Runs thrice, seeing the void block, the newline span, and the void block. * } * * @since 6.9.0 * * @param string|null $block_name Optional. Keep searching until a block of this name is found. * Defaults to visit every block regardless of type. * @return bool Whether a block delimiter was matched. */ public function next_delimiter( ?string $block_name = null ): bool { if ( ! isset( $block_name ) ) { while ( $this->next_token() ) { if ( ! $this->is_html() ) { return true; } } return false; } while ( $this->next_token() ) { if ( $this->is_block_type( $block_name ) ) { return true; } } return false; } /** * Advance to the next block delimiter or HTML span in a document, indicating if one was found. * * This function steps through every syntactic chunk in a document. This includes explicit * block comment delimiters, freeform non-block content, and inner HTML segments. * * Example tokens: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * <p>Normal HTML content</p> * Plaintext content too! * * Example: * * // Find span containing wrapping HTML element surrounding inner blocks. * $processor = new WP_Block_Processor( $html ); * if ( ! $processor->next_block( 'gallery' ) ) { * return null; * } * * $containing_span = null; * while ( $processor->next_token() && $processor->is_html() ) { * $containing_span = $processor->get_span(); * } * * This method will visit all HTML spans including those forming freeform non-block * content as well as those which are part of a block’s inner HTML. * * @since 6.9.0 * * @return bool Whether a token was matched or the end of the document was reached without finding any. */ public function next_token(): bool { if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return false; } // Void tokens automatically pop off the stack of open blocks. if ( $this->was_void ) { array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); $this->was_void = false; } $text = $this->source_text; $end = strlen( $text ); /* * Because HTML spans are inferred after finding the next delimiter, it means that * the parser must transition out of that HTML state and reuse the token boundaries * it found after the HTML span. If those boundaries are before the end of the * document it implies that a real delimiter was found; otherwise this must be the * terminating HTML span and the parsing is complete. */ if ( self::HTML_SPAN === $this->state ) { if ( $this->matched_delimiter_at >= $end ) { $this->state = self::COMPLETE; return false; } switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'push': $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; $this->state = self::MATCHED; return true; } $this->state = self::READY; $after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length; $at = $after_prev_delimiter; while ( $at < $end ) { /* * Find the next possible start of a delimiter. * * This follows the behavior in the official block parser, which segments a post * by the block comment delimiters. It is possible for an HTML attribute to contain * what looks like a block comment delimiter but which is actually an HTML attribute * value. In such a case, the parser here will break apart the HTML and create the * block boundary inside the HTML attribute. In other words, the block parser * isolates sections of HTML from each other, even if that leads to malformed markup. * * For a more robust parse, scan through the document with the HTML API and parse * comments once they are matched to see if they are also block delimiters. In * practice, this nuance has not caused any known problems since developing blocks. * * <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /--> */ $comment_opening_at = strpos( $text, '<!--', $at ); /* * Even if the start of a potential block delimiter is not found, the document * might end in a prefix of such, and in that case there is incomplete input. */ if ( false === $comment_opening_at ) { if ( str_ends_with( $text, '<!-' ) ) { $backup = 3; } elseif ( str_ends_with( $text, '<!' ) ) { $backup = 2; } elseif ( str_ends_with( $text, '<' ) ) { $backup = 1; } else { $backup = 0; } // Whether or not there is a potential delimiter, there might be an HTML span. if ( $after_prev_delimiter < ( $end - $backup ) ) { $this->state = self::HTML_SPAN; $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $end - $backup; $this->matched_delimiter_length = $backup; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } /* * In the case that there is the start of an HTML comment, it means that there * might be a block delimiter, but it’s not possible know, therefore it’s incomplete. */ if ( $backup > 0 ) { goto incomplete; } // Otherwise this is the end. $this->state = self::COMPLETE; return false; } // <!-- ⃨/wp:core/paragraph {"dropCap":true} /--> $opening_whitespace_at = $comment_opening_at + 4; if ( $opening_whitespace_at >= $end ) { goto incomplete; } $opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at ); /* * The `wp` prefix cannot come before this point, but it may come after it * depending on the presence of the closer. This is detected next. */ $wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length; if ( $wp_prefix_at >= $end ) { goto incomplete; } if ( 0 === $opening_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /⃨wp:core/paragraph {"dropCap":true} /--> $has_closer = false; if ( '/' === $text[ $wp_prefix_at ] ) { $has_closer = true; ++$wp_prefix_at; } // <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /--> if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) { if ( ( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) || ( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) ) ) { goto incomplete; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * If the block contains no namespace, this will end up masquerading with * the block name. It’s easier to first detect the span and then determine * if it’s a namespace of a name. * * <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /--> */ $namespace_at = $wp_prefix_at + 3; if ( $namespace_at >= $end ) { goto incomplete; } $start_of_namespace = $text[ $namespace_at ]; // The namespace must start with a-z. if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 ); $separator_at = $namespace_at + $namespace_length; if ( $separator_at >= $end ) { goto incomplete; } // <!-- /wp:core/⃨paragraph {"dropCap":true} /--> $has_separator = '/' === $text[ $separator_at ]; if ( $has_separator ) { $name_at = $separator_at + 1; if ( $name_at >= $end ) { goto incomplete; } // <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /--> $start_of_name = $text[ $name_at ]; if ( 'a' > $start_of_name || 'z' < $start_of_name ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 ); } else { $name_at = $namespace_at; $name_length = $namespace_length; } if ( $name_at + $name_length >= $end ) { goto incomplete; } /* * For this next section of the delimiter, it could be the JSON attributes * or it could be the end of the comment. Assume that the JSON is there and * update if it’s not. */ // <!-- /wp:core/paragraph ⃨{"dropCap":true} /--> $after_name_whitespace_at = $name_at + $name_length; $after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at ); $json_at = $after_name_whitespace_at + $after_name_whitespace_length; if ( $json_at >= $end ) { goto incomplete; } if ( 0 === $after_name_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /wp:core/paragraph {⃨"dropCap":true} /--> $has_json = '{' === $text[ $json_at ]; $json_length = 0; /* * For the final span of the delimiter it's most efficient to find the end of the * HTML comment and work backwards. This prevents complicated parsing inside the * JSON span, which is not allowed to contain the HTML comment terminator. * * This also matches the behavior in the official block parser, * even though it allows for matching invalid JSON content. * * <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨ */ $comment_closing_at = strpos( $text, '-->', $json_at ); if ( false === $comment_closing_at ) { goto incomplete; } // <!-- /wp:core/paragraph {"dropCap":true} /⃨--> if ( '/' === $text[ $comment_closing_at - 1 ] ) { $has_void_flag = true; $void_flag_length = 1; } else { $has_void_flag = false; $void_flag_length = 0; } /* * If there's no JSON, then the span of text after the name * until the comment closing must be completely whitespace. * Otherwise it’s a normal HTML comment. */ if ( ! $has_json ) { if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) { // This must be a block delimiter! $this->state = self::MATCHED; break; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * There's JSON, so attempt to find its boundary. * * @todo It’s likely faster to scan forward instead of in reverse. * * <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/--> */ $after_json_whitespace_length = 0; for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) { $char = $text[ $char_at ]; switch ( $char ) { case ' ': case "\t": case "\f": case "\r": case "\n": ++$after_json_whitespace_length; continue 2; case '}': $json_length = $char_at - $json_at + 1; break 2; default: ++$at; continue 3; } } /* * This covers cases where there is no terminating “}” or where * mandatory whitespace is missing. */ if ( 0 === $json_length || 0 === $after_json_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // This must be a block delimiter! $this->state = self::MATCHED; break; } // The end of the document was reached without a match. if ( self::MATCHED !== $this->state ) { $this->state = self::COMPLETE; return false; } /* * From this point forward, a delimiter has been matched. There * might also be an HTML span that appears before the delimiter. */ $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $comment_opening_at; $this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at; $this->namespace_at = $namespace_at; $this->name_at = $name_at; $this->name_length = $name_length; $this->json_at = $json_at; $this->json_length = $json_length; /* * When delimiters contain both the void flag and the closing flag * they shall be interpreted as void blocks, per the spec parser. */ if ( $has_void_flag ) { $this->type = self::VOID; $this->next_stack_op = 'void'; } elseif ( $has_closer ) { $this->type = self::CLOSER; $this->next_stack_op = 'pop'; /* * @todo Check if the name matches and bail according to the spec parser. * The default parser doesn’t examine the names. */ } else { $this->type = self::OPENER; $this->next_stack_op = 'push'; } $this->has_closing_flag = $has_closer; // HTML spans are visited before the delimiter that follows them. if ( $comment_opening_at > $after_prev_delimiter ) { $this->state = self::HTML_SPAN; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } // If there were no HTML spans then flush the enqueued stack operations immediately. switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'push': $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; return true; incomplete: $this->state = self::COMPLETE; $this->last_error = self::INCOMPLETE_INPUT; return false; } /** * Returns an array containing the names of the currently-open blocks, in order * from outermost to innermost, with HTML spans indicated as “#html”. * * Example: * * // Freeform HTML content is an HTML span. * $processor = new WP_Block_Processor( 'Just text' ); * $processor->next_token(); * array( '#text' ) === $processor->get_breadcrumbs(); * * $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' ); * $processor->next_token(); * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Void blocks are only open while visiting them. * array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Blocks are closed before visiting their closing delimiter. * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array() === $processor->get_breadcrumbs(); * * // Inner HTML is also an HTML span. * $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' ); * $processor->next_token(); * $processor->next_token(); * array( 'core/a', '#html' ) === $processor->get_breadcrumbs(); * * @since 6.9.0 * * @return string[] */ public function get_breadcrumbs(): array { $breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null ); /* * Since HTML spans can only be at the very end, set the normalized block name for * each open element and then work backwards after creating the array. This allows * for the elimination of a conditional on each iteration of the loop. */ foreach ( $this->open_blocks_at as $i => $at ) { $block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] ); $breadcrumbs[ $i ] = self::normalize_block_type( $block_type ); } if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) { $breadcrumbs[ $i ] = '#html'; } return $breadcrumbs; } /** * Returns the depth of the open blocks where the processor is currently matched. * * Depth increases before visiting openers and void blocks and decreases before * visiting closers. HTML spans behave like void blocks. * * @since 6.9.0 * * @return int */ public function get_depth(): int { return count( $this->open_blocks_at ); } /** * Extracts a block object, and all inner content, starting at a matched opening * block delimiter, or at a matched top-level HTML span as freeform HTML content. * * Use this function to extract some blocks within a document, but not all. For example, * one might want to find image galleries, parse them, modify them, and then reserialize * them in place. * * Once this function returns, the parser will be matched on token following the close * of the given block. * * The return type of this method is compatible with the return of {@see \parse_blocks()}. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery = $processor->extract_full_block_and_advance(); * $ends_before = $processor->get_span(); * $ends_before = $ends_before->start ?? strlen( $post_content ); * * $new_gallery = update_gallery( $gallery ); * $new_gallery = serialize_block( $new_gallery ); * * return ( * substr( $post_content, 0, $gallery_at ) . * $new_gallery . * substr( $post_content, $ends_before ) * ); * * @since 6.9.0 * * @return array[]|null { * Array of block structures. * * @type array ...$0 { * An associative array of a single parsed block object. See WP_Block_Parser_Block. * * @type string|null $blockName Name of block. * @type array $attrs Attributes from block comment delimiters. * @type array[] $innerBlocks List of inner blocks. An array of arrays that * have the same structure as this one. * @type string $innerHTML HTML from inside block comment delimiters. * @type array $innerContent List of string fragments and null markers where * inner blocks were found. * } * } */ public function extract_full_block_and_advance(): ?array { if ( $this->is_html() ) { $chunk = $this->get_html_content(); return array( 'blockName' => null, 'attrs' => array(), 'innerBlocks' => array(), 'innerHTML' => $chunk, 'innerContent' => array( $chunk ), ); } $block = array( 'blockName' => $this->get_block_type(), 'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(), 'innerBlocks' => array(), 'innerHTML' => '', 'innerContent' => array(), ); $depth = $this->get_depth(); while ( $this->next_token() && $this->get_depth() > $depth ) { if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; continue; } /** * Inner blocks. * * @todo This is a decent place to call {@link \render_block()} * @todo Use iteration instead of recursion, or at least refactor to tail-call form. */ if ( $this->opens_block() ) { $inner_block = $this->extract_full_block_and_advance(); $block['innerBlocks'][] = $inner_block; $block['innerContent'][] = null; } /* * Because the parser has advanced past the closing block token, it * may be matched on an HTML span. This needs to be processed before * moving on to the next token at the start of the next loop iteration. */ if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; } } return $block; } /** * Returns the byte-offset after the ending character of an HTML comment, * assuming the proper starting byte offset. * * @since 6.9.0 * * @param int $comment_starting_at Where the HTML comment started, the leading `<`. * @param int $search_end Last offset in which to search, for limiting search span. * @return int Offset after the current HTML comment ends, or `$search_end` if no end was found. */ private function find_html_comment_end( int $comment_starting_at, int $search_end ): int { $text = $this->source_text; // Find span-of-dashes comments which look like `<!----->`. $span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 ); if ( $comment_starting_at + 2 + $span_of_dashes < $search_end && '>' === $text[ $comment_starting_at + 2 + $span_of_dashes ] ) { return $comment_starting_at + $span_of_dashes + 1; } // Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`. $now_at = $comment_starting_at + 4; while ( $now_at < $search_end ) { $dashes_at = strpos( $text, '--', $now_at ); if ( false === $dashes_at ) { return $search_end; } $closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 ); if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) { ++$closer_must_be_at; } if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) { return $closer_must_be_at + 1; } ++$now_at; } return $search_end; } /** * Indicates if the last attempt to parse a block comment delimiter * failed, if set, otherwise `null` if the last attempt succeeded. * * @since 6.9.0 * * @return string|null Error from last attempt at parsing next block delimiter, * or `null` if last attempt succeeded. */ public function get_last_error(): ?string { return $this->last_error; } /** * Indicates if the last attempt to parse a block’s JSON attributes failed. * * @see \json_last_error() * * @since 6.9.0 * * @return int JSON_ERROR_ code from last attempt to parse block JSON attributes. */ public function get_last_json_error(): int { return $this->last_json_error; } /** * Returns the type of the block comment delimiter. * * One of: * * - {@see self::OPENER} * - {@see self::CLOSER} * - {@see self::VOID} * - `null` * * @since 6.9.0 * * @return string|null type of the block comment delimiter, if currently matched. */ public function get_delimiter_type(): ?string { switch ( $this->state ) { case self::HTML_SPAN: return self::VOID; case self::MATCHED: return $this->type; default: return null; } } /** * Returns whether the delimiter contains the closing flag. * * This should be avoided except in cases of custom error-handling * with block closers containing the void flag. For normative use, * {@see self::get_delimiter_type()}. * * @since 6.9.0 * * @return bool Whether the currently-matched block delimiter contains the closing flag. */ public function has_closing_flag(): bool { return $this->has_closing_flag; } /** * Indicates if the block delimiter represents a block of the given type. * * Since the “core” namespace may be implicit, it’s allowable to pass * either the fully-qualified block type with namespace and block name * as well as the shorthand version only containing the block name, if * the desired block is in the “core” namespace. * * Since freeform HTML content is non-block content, it has no block type. * Passing the wildcard “*” will, however, return true for all block types, * even the implicit freeform content, though not for spans of inner HTML. * * Example: * * $is_core_paragraph = $processor->is_block_type( 'paragraph' ); * $is_core_paragraph = $processor->is_block_type( 'core/paragraph' ); * $is_formula = $processor->is_block_type( 'math-block/formula' ); * * @param string $block_type Block type name for the desired block. * E.g. "paragraph", "core/paragraph", "math-blocks/formula". * @return bool Whether this delimiter represents a block of the given type. */ public function is_block_type( string $block_type ): bool { if ( '*' === $block_type ) { return true; } if ( $this->is_html() ) { // This is a core/freeform text block, it’s special. if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) { return ( 'core/freeform' === $block_type || 'freeform' === $block_type ); } // Otherwise this is innerHTML and not a block. return false; } return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) ); } /** * Given two spans of text, indicate if they represent identical block types. * * This function normalizes block types to account for implicit core namespacing. * * Note! This function only returns valid results when the complete block types are * represented in the span offsets and lengths. This means that the full optional * namespace and block name must be represented in the input arguments. * * Example: * * 0 5 10 15 20 25 30 35 40 * $text = '<!-- wp:block --><!-- /wp:core/block -->'; * * true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 ); * false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 ); * * @since 6.9.0 * * @param string $a_text Text in which first block type appears. * @param int $a_at Byte offset into text in which first block type starts. * @param int $a_length Byte length of first block type. * @param string $b_text Text in which second block type appears (may be the same as the first text). * @param int $b_at Byte offset into text in which second block type starts. * @param int $b_length Byte length of second block type. * @return bool Whether the spans of text represent identical block types, normalized for namespacing. */ public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool { $a_ns_length = strcspn( $a_text, '/', $a_at, $a_length ); $b_ns_length = strcspn( $b_text, '/', $b_at, $b_length ); $a_has_ns = $a_ns_length !== $a_length; $b_has_ns = $b_ns_length !== $b_length; // Both contain namespaces. if ( $a_has_ns && $b_has_ns ) { if ( $a_length !== $b_length ) { return false; } $a_block_type = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ); } if ( $a_has_ns ) { $b_block_type = 'core/' . substr( $b_text, $b_at, $b_length ); return ( strlen( $b_block_type ) === $a_length && 0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length ) ); } if ( $b_has_ns ) { $a_block_type = 'core/' . substr( $a_text, $a_at, $a_length ); return ( strlen( $a_block_type ) === $b_length && 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ) ); } // Neither contains a namespace. if ( $a_length !== $b_length ) { return false; } $a_name = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length ); } /** * Indicates if the matched delimiter is an opening or void delimiter of the given type, * if a type is provided, otherwise if it opens any block or implicit freeform HTML content. * * This is a helper method to ease handling of code inspecting where blocks start, and for * checking if the blocks are of a given type. The function is variadic to allow for * checking if the delimiter opens one of many possible block types. * * To advance to the start of a block {@see self::next_block()}. * * Example: * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() ) { * if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) { * echo "Found code!"; * continue; * } * * if ( $processor->opens_block( 'core/image' ) ) { * echo "Found an image!"; * continue; * } * * if ( $processor->opens_block() ) { * echo "Found a new block!"; * } * } * * @since 6.9.0 * * @see self::is_block_type() * * @param string[] $block_type Optional. Is the matched block type one of these? * If none are provided, will not test block type. * @return bool Whether the matched block delimiter opens a block, and whether it * opens a block of one of the given block types, if provided. */ public function opens_block( string ...$block_type ): bool { // HTML spans only open implicit freeform content at the top level. if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) { return false; } /* * Because HTML spans are discovered after the next delimiter is found, * the delimiter type when visiting HTML spans refers to the type of the * following delimiter. Therefore the HTML case is handled by checking * the state and depth of the stack of open block. */ if ( self::CLOSER === $this->type && ! $this->is_html() ) { return false; } if ( count( $block_type ) === 0 ) { return true; } foreach ( $block_type as $block ) { if ( $this->is_block_type( $block ) ) { return true; } } return false; } /** * Indicates if the matched delimiter is an HTML span. * * @since 6.9.0 * * @see self::is_non_whitespace_html() * * @return bool Whether the processor is matched on an HTML span. */ public function is_html(): bool { return self::HTML_SPAN === $this->state; } /** * Indicates if the matched delimiter is an HTML span and comprises more * than whitespace characters, i.e. contains real content. * * Many block serializers introduce newlines between block delimiters, * so the presence of top-level non-block content does not imply that * there are “real” freeform HTML blocks. Checking if there is content * beyond whitespace is a more certain check, such as for determining * whether to load CSS for the freeform or fallback block type. * * @since 6.9.0 * * @see self::is_html() * * @return bool Whether the currently-matched delimiter is an HTML * span containing non-whitespace text. */ public function is_non_whitespace_html(): bool { if ( ! $this->is_html() ) { return false; } $length = $this->matched_delimiter_at - $this->after_previous_delimiter; $whitespace_length = strspn( $this->source_text, " \t\f\r\n", $this->after_previous_delimiter, $length ); return $whitespace_length !== $length; } /** * Returns the string content of a matched HTML span, or `null` otherwise. * * @since 6.9.0 * * @return string|null Raw HTML content, or `null` if not currently matched on HTML. */ public function get_html_content(): ?string { if ( ! $this->is_html() ) { return null; } return substr( $this->source_text, $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); } /** * Allocates a substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter, otherwise `null`. * * This function is like {@see self::get_printable_block_type()} but when * paused on a freeform HTML block, will return `null` instead of “core/freeform”. * The `null` behavior matches what {@see \parse_blocks()} returns but may not * be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content has no block type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * null === $processor->get_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter, otherwise `null`. */ public function get_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return null; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Allocates a printable substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`. * * This function is like {@see self::get_block_type()} but when paused on a freeform * HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches * what {@see \parse_blocks()} returns but may not be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_printable_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content is given an implicit type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * 'core/freeform' === $processor->get_printable_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter or freeform block, otherwise `null`. */ public function get_printable_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return 1 === count( $this->open_blocks_at ) ? 'core/freeform' : '#innerHTML'; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Normalizes a block name to ensure that missing implicit “core” namespaces are present. * * Example: * * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' ); * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' ); * 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' ); * * @since 6.9.0 * * @param string $block_type Valid block name, potentially without a namespace. * @return string Fully-qualified block type including namespace. */ public static function normalize_block_type( string $block_type ): string { return false === strpos( $block_type, '/' ) ? "core/{$block_type}" : $block_type; } /** * Returns a lazy wrapper around the block attributes, which can be used * for efficiently interacting with the JSON attributes. * * This stub hints that there should be a lazy interface for parsing * block attributes but doesn’t define it. It serves both as a placeholder * for one to come as well as a guard against implementing an eager * function in its place. * * @throws Exception This function is a stub for subclasses to implement * when providing streaming attribute parsing. * * @since 6.9.0 * * @see self::allocate_and_return_parsed_attributes() * * @return never */ public function get_attributes() { throw new Exception( 'Lazy attribute parsing not yet supported' ); } /** * Attempts to parse and return the entire JSON attributes from the delimiter, * allocating memory and processing the JSON span in the process. * * This does not return any parsed attributes for a closing block delimiter * even if there is a span of JSON content; this JSON is a parsing error. * * Consider calling {@see static::get_attributes()} instead if it's not * necessary to read all the attributes at the same time, as that provides * a more efficient mechanism for typical use cases. * * Since the JSON span inside the comment delimiter may not be valid JSON, * this function will return `null` if it cannot parse the span and set the * {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant. * * If the delimiter contains no JSON span, it will also return `null`, * but the last error will be set to {@see \JSON_ERROR_NONE}. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes(); * $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' ); * * $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_NONE = $processor->get_last_json_error(); * * $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' ); * $processor->next_delimiter(); * array() === $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:separator /-->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error(); * * @since 6.9.0 * * @return array|null Parsed JSON attributes, if present and valid, otherwise `null`. */ public function allocate_and_return_parsed_attributes(): ?array { $this->last_json_error = JSON_ERROR_NONE; if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) { return null; } $json_span = substr( $this->source_text, $this->json_at, $this->json_length ); $parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE ); $last_error = json_last_error(); $this->last_json_error = $last_error; return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) ) ? $parsed : null; } /** * Returns the span representing the currently-matched delimiter, if matched, otherwise `null`. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:void /-->' ); * null === $processor->get_span(); * * $processor->next_delimiter(); * WP_HTML_Span( 0, 17 ) === $processor->get_span(); * * @since 6.9.0 * * @return WP_HTML_Span|null Span of text in source text spanning matched delimiter. */ public function get_span(): ?WP_HTML_Span { switch ( $this->state ) { case self::HTML_SPAN: return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); case self::MATCHED: return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length ); default: return null; } } // // Constant declarations that would otherwise pollute the top of the class. // /** * Indicates that the block comment delimiter closes an open block. * * @see self::$type * * @since 6.9.0 */ const CLOSER = 'closer'; /** * Indicates that the block comment delimiter opens a block. * * @see self::$type * * @since 6.9.0 */ const OPENER = 'opener'; /** * Indicates that the block comment delimiter represents a void block * with no inner content of any kind. * * @see self::$type * * @since 6.9.0 */ const VOID = 'void'; /** * Indicates that the processor is ready to start parsing but hasn’t yet begun. * * @see self::$state * * @since 6.9.0 */ const READY = 'processor-ready'; /** * Indicates that the processor is matched on an explicit block delimiter. * * @see self::$state * * @since 6.9.0 */ const MATCHED = 'processor-matched'; /** * Indicates that the processor is matched on the opening of an implicit freeform delimiter. * * @see self::$state * * @since 6.9.0 */ const HTML_SPAN = 'processor-html-span'; /** * Indicates that the parser started parsing a block comment delimiter, but * the input document ended before it could finish. The document was likely truncated. * * @see self::$state * * @since 6.9.0 */ const INCOMPLETE_INPUT = 'incomplete-input'; /** * Indicates that the processor has finished parsing and has nothing left to scan. * * @see self::$state * * @since 6.9.0 */ const COMPLETE = 'processor-complete'; } HTTP/functions.wp-scripts-20260605085914.php 0000666 00000035717 15226703613 0013601 0 ustar 00 <?php /** * Dependencies API: Scripts functions * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Initializes $wp_scripts if it has not been set. * * @since 4.2.0 * * @global WP_Scripts $wp_scripts * * @return WP_Scripts WP_Scripts instance. */ function wp_scripts() { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { $wp_scripts = new WP_Scripts(); } return $wp_scripts; } /** * Helper function to output a _doing_it_wrong message when applicable. * * @ignore * @since 4.2.0 * @since 5.5.0 Added the `$handle` parameter. * * @param string $function_name Function name. * @param string $handle Optional. Name of the script or stylesheet that was * registered or enqueued too early. Default empty. */ function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) { if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' ) || did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' ) ) { return; } $message = sprintf( /* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */ __( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ), '<code>wp_enqueue_scripts</code>', '<code>admin_enqueue_scripts</code>', '<code>login_enqueue_scripts</code>' ); if ( $handle ) { $message .= ' ' . sprintf( /* translators: %s: Name of the script or stylesheet. */ __( 'This notice was triggered by the %s handle.' ), '<code>' . $handle . '</code>' ); } _doing_it_wrong( $function_name, $message, '3.3.0' ); } /** * Prints scripts in document head that are in the $handles queue. * * Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load, * the function does not instantiate the WP_Scripts object unless script names are explicitly passed. * Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'} * hook to register/enqueue new scripts. * * @see WP_Scripts::do_item() * @since 2.1.0 * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'. * @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array. */ function wp_print_scripts( $handles = false ) { global $wp_scripts; /** * Fires before scripts in the $handles queue are printed. * * @since 2.1.0 */ do_action( 'wp_print_scripts' ); if ( '' === $handles ) { // For 'wp_head'. $handles = false; } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__ ); if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { if ( ! $handles ) { return array(); // No need to instantiate if nothing is there. } } return wp_scripts()->do_items( $handles ); } /** * Adds extra code to a registered script. * * Code will only be added if the script is already in the queue. * Accepts a string `$data` containing the code. If two or more code blocks * are added to the same script `$handle`, they will be printed in the order * they were added, i.e. the latter added code can redeclare the previous. * * @since 4.5.0 * * @see WP_Scripts::add_inline_script() * * @param string $handle Name of the script to add the inline script to. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script before the handle * or after. Default 'after'. * @return bool True on success, false on failure. */ function wp_add_inline_script( $handle, $data, $position = 'after' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); if ( false !== stripos( $data, '</script>' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: <script>, 2: wp_add_inline_script() */ __( 'Do not pass %1$s tags to %2$s.' ), '<code><script></code>', '<code>wp_add_inline_script()</code>' ), '4.5.0' ); $data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) ); } return wp_scripts()->add_inline_script( $handle, $data, $position ); } /** * Registers a new script. * * Registers a script to be enqueued later using the wp_enqueue_script() function. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * * @since 2.1.0 * @since 4.3.0 A return value was added. * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory. * If source is set to false, script is an alias of other scripts it depends on. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } * @return bool Whether the script has been registered. True on success, false on failure. */ function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) { if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); $registered = $wp_scripts->add( $handle, $src, $deps, $ver ); if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $handle, 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $handle, 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] ); } return $registered; } /** * Localizes a script. * * Works only if the script has already been registered. * * Accepts an associative array `$l10n` and creates a JavaScript object: * * "$object_name": { * key: value, * key: value, * ... * } * * @see WP_Scripts::localize() * @link https://core.trac.wordpress.org/ticket/11520 * * @since 2.2.0 * * @todo Documentation cleanup * * @param string $handle Script handle the data will be attached to. * @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable. * Example: '/[a-zA-Z0-9_]+/'. * @param array $l10n The data itself. The data can be either a single or multi-dimensional array. * @return bool True if the script was successfully localized, false otherwise. */ function wp_localize_script( $handle, $object_name, $l10n ) { $wp_scripts = wp_scripts(); return $wp_scripts->localize( $handle, $object_name, $l10n ); } /** * Sets translated strings for a script. * * Works only if the script has already been registered. * * @see WP_Scripts::set_translations() * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string $handle Script handle the textdomain will be attached to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was successfully localized, false otherwise. */ function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return false; } return $wp_scripts->set_translations( $handle, $domain, $path ); } /** * Removes a registered script. * * Note: there are intentional safeguards in place to prevent critical admin scripts, * such as jQuery core, from being unregistered. * * @see WP_Dependencies::remove() * * @since 2.1.0 * * @global string $pagenow The filename of the current screen. * * @param string $handle Name of the script to be removed. */ function wp_deregister_script( $handle ) { global $pagenow; _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); /** * Do not allow accidental or negligent de-registering of critical scripts in the admin. * Show minimal remorse if the correct hook is used. */ $current_filter = current_filter(); if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) || ( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter ) ) { $not_allowed = array( 'jquery', 'jquery-core', 'jquery-migrate', 'jquery-ui-core', 'jquery-ui-accordion', 'jquery-ui-autocomplete', 'jquery-ui-button', 'jquery-ui-datepicker', 'jquery-ui-dialog', 'jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-menu', 'jquery-ui-mouse', 'jquery-ui-position', 'jquery-ui-progressbar', 'jquery-ui-resizable', 'jquery-ui-selectable', 'jquery-ui-slider', 'jquery-ui-sortable', 'jquery-ui-spinner', 'jquery-ui-tabs', 'jquery-ui-tooltip', 'jquery-ui-widget', 'underscore', 'backbone', ); if ( in_array( $handle, $not_allowed, true ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: Script name, 2: wp_enqueue_scripts */ __( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ), "<code>$handle</code>", '<code>wp_enqueue_scripts</code>' ), '3.6.0' ); return; } } wp_scripts()->remove( $handle ); } /** * Enqueues a script. * * Registers the script if `$src` provided (does NOT overwrite), and enqueues it. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * @see WP_Dependencies::enqueue() * * @since 2.1.0 * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string $src Full URL of the script, or path of the script relative to the WordPress root directory. * Default empty. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } */ function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); if ( $src || ! empty( $args ) ) { $_handle = explode( '?', $handle ); if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } if ( $src ) { $wp_scripts->add( $_handle[0], $src, $deps, $ver ); } if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $_handle[0], 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] ); } } $wp_scripts->enqueue( $handle ); } /** * Removes a previously enqueued script. * * @see WP_Dependencies::dequeue() * * @since 3.1.0 * * @param string $handle Name of the script to be removed. */ function wp_dequeue_script( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_scripts()->dequeue( $handle ); } /** * Determines whether a script has been added to the queue. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * @since 3.5.0 'enqueued' added as an alias of the 'queue' list. * * @param string $handle Name of the script. * @param string $status Optional. Status of the script to check. Default 'enqueued'. * Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'. * @return bool Whether the script is queued. */ function wp_script_is( $handle, $status = 'enqueued' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return (bool) wp_scripts()->query( $handle, $status ); } /** * Adds metadata to a script. * * Works only if the script has already been registered. * * Possible values for $key and $value: * 'strategy' string 'defer' or 'async'. * * @since 4.2.0 * @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'. * * @see WP_Dependencies::add_data() * * @param string $handle Name of the script. * @param string $key Name of data point for which we're storing a value. * @param mixed $value String containing the data to be added. * @return bool True on success, false on failure. */ function wp_script_add_data( $handle, $key, $value ) { return wp_scripts()->add_data( $handle, $key, $value ); } HTTP/plugin.php 0000666 00000107225 15226703613 0007352 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/https-migration-20260607110256.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-encoding-20260605093908.php 0000666 00000015041 15226703613 0013737 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/https-migration-20260606042005-20260607174121.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605173952-20260608081117.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605081053.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606064319-20260609103632.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606074258.php 0000666 00000013341 15226703613 0012562 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605183318-20260610030535.php 0000666 00000011205 15226703613 0014145 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605225728-20260610070828.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/functions.wp-scripts-20260605083209.php 0000666 00000035717 15226703613 0013574 0 ustar 00 <?php /** * Dependencies API: Scripts functions * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Initializes $wp_scripts if it has not been set. * * @since 4.2.0 * * @global WP_Scripts $wp_scripts * * @return WP_Scripts WP_Scripts instance. */ function wp_scripts() { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { $wp_scripts = new WP_Scripts(); } return $wp_scripts; } /** * Helper function to output a _doing_it_wrong message when applicable. * * @ignore * @since 4.2.0 * @since 5.5.0 Added the `$handle` parameter. * * @param string $function_name Function name. * @param string $handle Optional. Name of the script or stylesheet that was * registered or enqueued too early. Default empty. */ function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) { if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' ) || did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' ) ) { return; } $message = sprintf( /* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */ __( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ), '<code>wp_enqueue_scripts</code>', '<code>admin_enqueue_scripts</code>', '<code>login_enqueue_scripts</code>' ); if ( $handle ) { $message .= ' ' . sprintf( /* translators: %s: Name of the script or stylesheet. */ __( 'This notice was triggered by the %s handle.' ), '<code>' . $handle . '</code>' ); } _doing_it_wrong( $function_name, $message, '3.3.0' ); } /** * Prints scripts in document head that are in the $handles queue. * * Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load, * the function does not instantiate the WP_Scripts object unless script names are explicitly passed. * Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'} * hook to register/enqueue new scripts. * * @see WP_Scripts::do_item() * @since 2.1.0 * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'. * @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array. */ function wp_print_scripts( $handles = false ) { global $wp_scripts; /** * Fires before scripts in the $handles queue are printed. * * @since 2.1.0 */ do_action( 'wp_print_scripts' ); if ( '' === $handles ) { // For 'wp_head'. $handles = false; } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__ ); if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { if ( ! $handles ) { return array(); // No need to instantiate if nothing is there. } } return wp_scripts()->do_items( $handles ); } /** * Adds extra code to a registered script. * * Code will only be added if the script is already in the queue. * Accepts a string `$data` containing the code. If two or more code blocks * are added to the same script `$handle`, they will be printed in the order * they were added, i.e. the latter added code can redeclare the previous. * * @since 4.5.0 * * @see WP_Scripts::add_inline_script() * * @param string $handle Name of the script to add the inline script to. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script before the handle * or after. Default 'after'. * @return bool True on success, false on failure. */ function wp_add_inline_script( $handle, $data, $position = 'after' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); if ( false !== stripos( $data, '</script>' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: <script>, 2: wp_add_inline_script() */ __( 'Do not pass %1$s tags to %2$s.' ), '<code><script></code>', '<code>wp_add_inline_script()</code>' ), '4.5.0' ); $data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) ); } return wp_scripts()->add_inline_script( $handle, $data, $position ); } /** * Registers a new script. * * Registers a script to be enqueued later using the wp_enqueue_script() function. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * * @since 2.1.0 * @since 4.3.0 A return value was added. * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory. * If source is set to false, script is an alias of other scripts it depends on. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } * @return bool Whether the script has been registered. True on success, false on failure. */ function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) { if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); $registered = $wp_scripts->add( $handle, $src, $deps, $ver ); if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $handle, 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $handle, 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] ); } return $registered; } /** * Localizes a script. * * Works only if the script has already been registered. * * Accepts an associative array `$l10n` and creates a JavaScript object: * * "$object_name": { * key: value, * key: value, * ... * } * * @see WP_Scripts::localize() * @link https://core.trac.wordpress.org/ticket/11520 * * @since 2.2.0 * * @todo Documentation cleanup * * @param string $handle Script handle the data will be attached to. * @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable. * Example: '/[a-zA-Z0-9_]+/'. * @param array $l10n The data itself. The data can be either a single or multi-dimensional array. * @return bool True if the script was successfully localized, false otherwise. */ function wp_localize_script( $handle, $object_name, $l10n ) { $wp_scripts = wp_scripts(); return $wp_scripts->localize( $handle, $object_name, $l10n ); } /** * Sets translated strings for a script. * * Works only if the script has already been registered. * * @see WP_Scripts::set_translations() * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string $handle Script handle the textdomain will be attached to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was successfully localized, false otherwise. */ function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return false; } return $wp_scripts->set_translations( $handle, $domain, $path ); } /** * Removes a registered script. * * Note: there are intentional safeguards in place to prevent critical admin scripts, * such as jQuery core, from being unregistered. * * @see WP_Dependencies::remove() * * @since 2.1.0 * * @global string $pagenow The filename of the current screen. * * @param string $handle Name of the script to be removed. */ function wp_deregister_script( $handle ) { global $pagenow; _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); /** * Do not allow accidental or negligent de-registering of critical scripts in the admin. * Show minimal remorse if the correct hook is used. */ $current_filter = current_filter(); if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) || ( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter ) ) { $not_allowed = array( 'jquery', 'jquery-core', 'jquery-migrate', 'jquery-ui-core', 'jquery-ui-accordion', 'jquery-ui-autocomplete', 'jquery-ui-button', 'jquery-ui-datepicker', 'jquery-ui-dialog', 'jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-menu', 'jquery-ui-mouse', 'jquery-ui-position', 'jquery-ui-progressbar', 'jquery-ui-resizable', 'jquery-ui-selectable', 'jquery-ui-slider', 'jquery-ui-sortable', 'jquery-ui-spinner', 'jquery-ui-tabs', 'jquery-ui-tooltip', 'jquery-ui-widget', 'underscore', 'backbone', ); if ( in_array( $handle, $not_allowed, true ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: Script name, 2: wp_enqueue_scripts */ __( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ), "<code>$handle</code>", '<code>wp_enqueue_scripts</code>' ), '3.6.0' ); return; } } wp_scripts()->remove( $handle ); } /** * Enqueues a script. * * Registers the script if `$src` provided (does NOT overwrite), and enqueues it. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * @see WP_Dependencies::enqueue() * * @since 2.1.0 * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string $src Full URL of the script, or path of the script relative to the WordPress root directory. * Default empty. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } */ function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); if ( $src || ! empty( $args ) ) { $_handle = explode( '?', $handle ); if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } if ( $src ) { $wp_scripts->add( $_handle[0], $src, $deps, $ver ); } if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $_handle[0], 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] ); } } $wp_scripts->enqueue( $handle ); } /** * Removes a previously enqueued script. * * @see WP_Dependencies::dequeue() * * @since 3.1.0 * * @param string $handle Name of the script to be removed. */ function wp_dequeue_script( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_scripts()->dequeue( $handle ); } /** * Determines whether a script has been added to the queue. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * @since 3.5.0 'enqueued' added as an alias of the 'queue' list. * * @param string $handle Name of the script. * @param string $status Optional. Status of the script to check. Default 'enqueued'. * Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'. * @return bool Whether the script is queued. */ function wp_script_is( $handle, $status = 'enqueued' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return (bool) wp_scripts()->query( $handle, $status ); } /** * Adds metadata to a script. * * Works only if the script has already been registered. * * Possible values for $key and $value: * 'strategy' string 'defer' or 'async'. * * @since 4.2.0 * @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'. * * @see WP_Dependencies::add_data() * * @param string $handle Name of the script. * @param string $key Name of data point for which we're storing a value. * @param mixed $value String containing the data to be added. * @return bool True on success, false on failure. */ function wp_script_add_data( $handle, $key, $value ) { return wp_scripts()->add_data( $handle, $key, $value ); } HTTP/https-detection-20260605145459-20260606232055.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605172057-20260610112054.php 0000666 00000011205 15226703613 0014140 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/RawTextResponse-20260605010744.php 0000666 00000004027 15226703613 0012547 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response for rax text * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class RawTextResponse implements Response { /** * @var string */ private $raw_text; /** * @var string */ private $permanent_url; /** * @var array<non-empty-array<string>> */ private $headers = []; /** * @var string */ private $requested_url; public function __construct(string $raw_text, string $filepath) { $this->raw_text = $raw_text; $this->permanent_url = $filepath; $this->requested_url = $filepath; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return 200; } public function get_headers(): array { return $this->headers; } public function has_header(string $name): bool { return isset($this->headers[strtolower($name)]); } public function get_header(string $name): array { return isset($this->headers[strtolower($name)]) ? $this->headers[$name] : []; } public function with_header(string $name, $value) { $new = clone $this; $newHeader = [ strtolower($name) => (array) $value, ]; $new->headers = $newHeader + $this->headers; return $new; } public function get_header_line(string $name): string { return isset($this->headers[strtolower($name)]) ? implode(", ", $this->headers[$name]) : ''; } public function get_body_content(): string { return $this->raw_text; } } HTTP/script-loader-20260605055402.php 0000666 00000465210 15226703613 0012207 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/https-migration-20260606045104.php 0000666 00000011205 15226703613 0012556 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260612052922.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-loader-20260605102243.php 0000666 00000465210 15226703613 0012203 0 ustar 00 <?php /** * WordPress scripts and styles default loader. * * Several constants are used to manage the loading, concatenating and compression of scripts and CSS: * define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation, * define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS, * define('COMPRESS_SCRIPTS', false); disables compression of scripts, * define('COMPRESS_CSS', false); disables compression of CSS, * define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate). * * The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins * to temporarily override the above settings. Also a compression test is run once and the result is saved * as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted. * * @package WordPress */ /** WordPress Dependency Class */ require ABSPATH . WPINC . '/class-wp-dependency.php'; /** WordPress Dependencies Class */ require ABSPATH . WPINC . '/class-wp-dependencies.php'; /** WordPress Scripts Class */ require ABSPATH . WPINC . '/class-wp-scripts.php'; /** WordPress Scripts Functions */ require ABSPATH . WPINC . '/functions.wp-scripts.php'; /** WordPress Styles Class */ require ABSPATH . WPINC . '/class-wp-styles.php'; /** WordPress Styles Functions */ require ABSPATH . WPINC . '/functions.wp-styles.php'; /** * Registers TinyMCE scripts. * * @since 5.0.0 * * @global string $tinymce_version * @global bool $concatenate_scripts * @global bool $compress_scripts * * @param WP_Scripts $scripts WP_Scripts object. * @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false. */ function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) { global $tinymce_version, $concatenate_scripts, $compress_scripts; $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); script_concat_settings(); $compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed; /* * Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production) * or tinymce.min.js (when SCRIPT_DEBUG is true). */ if ( $compressed ) { $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version ); } else { $scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version ); $scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version ); } $scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version ); } /** * Registers all the WordPress vendor scripts that are in the standardized * `js/dist/vendor/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_vendor( $scripts ) { global $wp_locale; $suffix = wp_scripts_get_suffix(); $vendor_scripts = array( 'react', 'react-dom' => array( 'react' ), 'react-jsx-runtime' => array( 'react' ), 'regenerator-runtime', 'moment', 'lodash', 'wp-polyfill-fetch', 'wp-polyfill-formdata', 'wp-polyfill-node-contains', 'wp-polyfill-url', 'wp-polyfill-dom-rect', 'wp-polyfill-element-closest', 'wp-polyfill-object-fit', 'wp-polyfill-inert', 'wp-polyfill', ); $vendor_scripts_versions = array( 'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update. 'react-jsx-runtime' => '18.3.1', 'regenerator-runtime' => '0.14.1', 'moment' => '2.30.1', 'lodash' => '4.17.21', 'wp-polyfill-fetch' => '3.6.20', 'wp-polyfill-formdata' => '4.0.10', 'wp-polyfill-node-contains' => '4.8.0', 'wp-polyfill-url' => '3.6.4', 'wp-polyfill-dom-rect' => '4.8.0', 'wp-polyfill-element-closest' => '3.0.2', 'wp-polyfill-object-fit' => '2.3.5', 'wp-polyfill-inert' => '3.1.3', 'wp-polyfill' => '3.15.0', ); foreach ( $vendor_scripts as $handle => $dependencies ) { if ( is_string( $dependencies ) ) { $handle = $dependencies; $dependencies = array(); } $path = "/wp-includes/js/dist/vendor/$handle$suffix.js"; $version = $vendor_scripts_versions[ $handle ]; $scripts->add( $handle, $path, $dependencies, $version, 1 ); } did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' ); did_action( 'init' ) && $scripts->add_inline_script( 'moment', sprintf( "moment.updateLocale( '%s', %s );", esc_js( get_user_locale() ), wp_json_encode( array( 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'week' => array( 'dow' => (int) get_option( 'start_of_week', 0 ), ), 'longDateFormat' => array( 'LT' => get_option( 'time_format', __( 'g:i a' ) ), 'LTS' => null, 'L' => null, 'LL' => get_option( 'date_format', __( 'F j, Y' ) ), 'LLL' => __( 'F j, Y g:i a' ), 'LLLL' => null, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Returns contents of an inline script used in appending polyfill scripts for * browsers which fail the provided tests. The provided array is a mapping from * a condition to verify feature support to its polyfill script handle. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. * @param string[] $tests Features to detect. * @return string Conditional polyfill inline script. */ function wp_get_script_polyfill( $scripts, $tests ) { $polyfill = ''; foreach ( $tests as $test => $handle ) { if ( ! array_key_exists( $handle, $scripts->registered ) ) { continue; } $src = $scripts->registered[ $handle ]->src; $ver = $scripts->registered[ $handle ]->ver; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) { $src = $scripts->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { continue; } $polyfill .= ( // Test presence of feature... '( ' . $test . ' ) || ' . /* * ...appending polyfill on any failures. Cautious viewers may balk * at the `document.write`. Its caveat of synchronous mid-stream * blocking write is exactly the behavior we need though. */ 'document.write( \'<script src="' . $src . '"></scr\' + \'ipt>\' );' ); } return $polyfill; } /** * Registers development scripts that integrate with `@wordpress/scripts`. * * @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start * * @since 6.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_register_development_scripts( $scripts ) { if ( ! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG || empty( $scripts->registered['react'] ) || defined( 'WP_RUN_CORE_TESTS' ) ) { return; } $development_scripts = array( 'react-refresh-entry', 'react-refresh-runtime', ); foreach ( $development_scripts as $script_name ) { $assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php'; if ( ! is_array( $assets ) ) { return; } $scripts->add( 'wp-' . $script_name, '/wp-includes/js/dist/development/' . $script_name . '.js', $assets['dependencies'], $assets['version'] ); } // See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react. $scripts->registered['react']->deps[] = 'wp-react-refresh-entry'; } /** * Registers all the WordPress packages scripts that are in the standardized * `js/dist/` location. * * For the order of `$scripts->add` see `wp_default_scripts`. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_scripts( $scripts ) { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'a11y.js' => array('dependencies' => array(...), 'version' => '...'), * 'annotations.js' => array('dependencies' => array(...), 'version' => '...'), * 'api-fetch.js' => array(... */ $assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php"; foreach ( $assets as $file_name => $package_data ) { $basename = str_replace( $suffix . '.js', '', basename( $file_name ) ); $handle = 'wp-' . $basename; $path = "/wp-includes/js/dist/{$basename}{$suffix}.js"; if ( ! empty( $package_data['dependencies'] ) ) { $dependencies = $package_data['dependencies']; } else { $dependencies = array(); } // Add dependencies that cannot be detected and generated by build tools. switch ( $handle ) { case 'wp-block-library': array_push( $dependencies, 'editor' ); break; case 'wp-edit-post': array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' ); break; case 'wp-preferences': array_push( $dependencies, 'wp-preferences-persistence' ); break; } $scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 ); if ( in_array( 'wp-i18n', $dependencies, true ) ) { $scripts->set_translations( $handle ); } /* * Manually set the text direction localization after wp-i18n is printed. * This ensures that wp.i18n.isRTL() returns true in RTL languages. * We cannot use $scripts->set_translations( 'wp-i18n' ) to do this * because WordPress prints a script's translations *before* the script, * which means, in the case of wp-i18n, that wp.i18n.setLocaleData() * is called before wp.i18n is defined. */ if ( 'wp-i18n' === $handle ) { $ltr = _x( 'ltr', 'text direction' ); $script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr ); $scripts->add_inline_script( $handle, $script, 'after' ); } } } /** * Adds inline scripts required for the WordPress JavaScript packages. * * @since 5.0.0 * @since 6.4.0 Added relative time strings for the `wp-date` inline script output. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages_inline_scripts( $scripts ) { global $wp_locale, $wpdb; if ( isset( $scripts->registered['wp-api-fetch'] ) ) { $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; } $scripts->add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );', sanitize_url( get_rest_url() ) ), 'after' ); $scripts->add_inline_script( 'wp-api-fetch', implode( "\n", array( sprintf( 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', wp_installing() ? '' : wp_create_nonce( 'wp_rest' ) ), 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );', 'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );', sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', admin_url( 'admin-ajax.php?action=rest-nonce' ) ), ) ), 'after' ); $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; $user_id = get_current_user_id(); $preload_data = get_user_meta( $user_id, $meta_key, true ); $scripts->add_inline_script( 'wp-preferences', sprintf( '( function() { var serverData = %s; var userId = "%d"; var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId ); var preferencesStore = wp.preferences.store; wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer ); } ) ();', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), $user_id ) ); // Backwards compatibility - configure the old wp-data persistence system. $scripts->add_inline_script( 'wp-data', implode( "\n", array( '( function() {', ' var userId = ' . get_current_user_id() . ';', ' var storageKey = "WP_DATA_USER_" + userId;', ' wp.data', ' .use( wp.data.plugins.persistence, { storageKey: storageKey } );', '} )();', ) ) ); // Calculate the timezone abbr (EDT, PST) if possible. $timezone_string = get_option( 'timezone_string', 'UTC' ); $timezone_abbr = ''; if ( ! empty( $timezone_string ) ) { $timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) ); $timezone_abbr = $timezone_date->format( 'T' ); } $gmt_offset = get_option( 'gmt_offset', 0 ); $scripts->add_inline_script( 'wp-date', sprintf( 'wp.date.setSettings( %s );', wp_json_encode( array( 'l10n' => array( 'locale' => get_user_locale(), 'months' => array_values( $wp_locale->month ), 'monthsShort' => array_values( $wp_locale->month_abbrev ), 'weekdays' => array_values( $wp_locale->weekday ), 'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ), 'meridiem' => (object) $wp_locale->meridiem, 'relative' => array( /* translators: %s: Duration. */ 'future' => __( '%s from now' ), /* translators: %s: Duration. */ 'past' => __( '%s ago' ), /* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */ 's' => __( 'a second' ), /* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */ 'ss' => __( '%d seconds' ), /* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */ 'm' => __( 'a minute' ), /* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */ 'mm' => __( '%d minutes' ), /* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */ 'h' => __( 'an hour' ), /* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */ 'hh' => __( '%d hours' ), /* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */ 'd' => __( 'a day' ), /* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */ 'dd' => __( '%d days' ), /* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */ 'M' => __( 'a month' ), /* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */ 'MM' => __( '%d months' ), /* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */ 'y' => __( 'a year' ), /* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */ 'yy' => __( '%d years' ), ), 'startOfWeek' => (int) get_option( 'start_of_week', 0 ), ), 'formats' => array( /* translators: Time format, see https://www.php.net/manual/datetime.format.php */ 'time' => get_option( 'time_format', __( 'g:i a' ) ), /* translators: Date format, see https://www.php.net/manual/datetime.format.php */ 'date' => get_option( 'date_format', __( 'F j, Y' ) ), /* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */ 'datetime' => __( 'F j, Y g:i a' ), /* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */ 'datetimeAbbreviated' => __( 'M j, Y g:i a' ), ), 'timezone' => array( 'offset' => (float) $gmt_offset, 'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ), 'string' => $timezone_string, 'abbr' => $timezone_abbr, ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); // Loading the old editor and its config to ensure the classic block works as expected. $scripts->add_inline_script( 'editor', 'window.wp.oldEditor = window.wp.editor;', 'after' ); /* * wp-editor module is exposed as window.wp.editor. * Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor. * Solution: fuse the two objects together to maintain backward compatibility. * For more context, see https://github.com/WordPress/gutenberg/issues/33203. */ $scripts->add_inline_script( 'wp-editor', 'Object.assign( window.wp.editor, window.wp.oldEditor );', 'after' ); } /** * Adds inline scripts required for the TinyMCE in the block editor. * * These TinyMCE init settings are used to extend and override the default settings * from `_WP_Editors::default_settings()` for the Classic block. * * @since 5.0.0 * * @global WP_Scripts $wp_scripts */ function wp_tinymce_inline_scripts() { global $wp_scripts; /** This filter is documented in wp-includes/class-wp-editor.php */ $editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' ); $tinymce_plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' ); $tinymce_plugins = array_unique( $tinymce_plugins ); $disable_captions = false; // Runs after `tiny_mce_plugins` but before `mce_buttons`. /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $disable_captions = true; } $toolbar1 = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'unlink', 'wp_more', 'spellchecker', 'wp_add_media', 'wp_adv', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' ); $toolbar2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', 'wp_help', ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' ); /** This filter is documented in wp-includes/class-wp-editor.php */ $external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' ); $tinymce_settings = array( 'plugins' => implode( ',', $tinymce_plugins ), 'toolbar1' => implode( ',', $toolbar1 ), 'toolbar2' => implode( ',', $toolbar2 ), 'toolbar3' => implode( ',', $toolbar3 ), 'toolbar4' => implode( ',', $toolbar4 ), 'external_plugins' => wp_json_encode( $external_plugins ), 'classic_block_editor' => true, ); if ( $disable_captions ) { $tinymce_settings['wpeditimage_disable_captions'] = true; } if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) { $tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] ); } /** This filter is documented in wp-includes/class-wp-editor.php */ $tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' ); /* * Do "by hand" translation from PHP array to js object. * Prevents breakage in some custom settings. */ $init_obj = ''; foreach ( $tinymce_settings as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $init_obj .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $init_obj .= $key . ':' . $value . ','; continue; } $init_obj .= $key . ':"' . $value . '",'; } $init_obj = '{' . trim( $init_obj, ' ,' ) . '}'; $script = 'window.wpEditorL10n = { tinymce: { baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ', suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ', settings: ' . $init_obj . ', } }'; $wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' ); } /** * Registers all the WordPress packages scripts. * * @since 5.0.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_packages( $scripts ) { wp_default_packages_vendor( $scripts ); wp_register_development_scripts( $scripts ); wp_register_tinymce_scripts( $scripts ); wp_default_packages_scripts( $scripts ); if ( did_action( 'init' ) ) { wp_default_packages_inline_scripts( $scripts ); } } /** * Returns the suffix that can be used for the scripts. * * There are two suffix types, the normal one and the dev suffix. * * @since 5.0.0 * * @param string $type The type of suffix to retrieve. * @return string The script suffix. */ function wp_scripts_get_suffix( $type = '' ) { static $suffixes; if ( null === $suffixes ) { /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ $develop_src = false !== strpos( $wp_version, '-src' ); if ( ! defined( 'SCRIPT_DEBUG' ) ) { define( 'SCRIPT_DEBUG', $develop_src ); } $suffix = SCRIPT_DEBUG ? '' : '.min'; $dev_suffix = $develop_src ? '' : '.min'; $suffixes = array( 'suffix' => $suffix, 'dev_suffix' => $dev_suffix, ); } if ( 'dev' === $type ) { return $suffixes['dev_suffix']; } return $suffixes['suffix']; } /** * Registers all WordPress scripts. * * Localizes some of them. * args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );` * when last arg === 1 queues the script for the footer * * @since 2.6.0 * * @param WP_Scripts $scripts WP_Scripts object. */ function wp_default_scripts( $scripts ) { $suffix = wp_scripts_get_suffix(); $dev_suffix = wp_scripts_get_suffix( 'dev' ); $guessurl = site_url(); if ( ! $guessurl ) { $guessed_url = true; $guessurl = wp_guess_url(); } $scripts->base_url = $guessurl; $scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $scripts->default_version = get_bloginfo( 'version' ); $scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' ); $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); did_action( 'init' ) && $scripts->localize( 'utils', 'userSettings', array( 'url' => (string) SITECOOKIEPATH, 'uid' => (string) get_current_user_id(), 'time' => (string) time(), 'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ), ) ); $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'common' ); $bulk_action_observer_ids = array( 'bulk_action' => 'action', 'changeit' => 'new_role', ); did_action( 'init' ) && $scripts->localize( 'common', 'bulkActionObserverIds', /** * Filters the array of field name attributes for bulk actions. * * @since 6.8.1 * * @param array $bulk_action_observer_ids { * An array of field name attributes for bulk actions. * * @type string $bulk_action The bulk action field name. Default 'action'. * @type string $changeit The new role field name. Default 'new_role'. * } */ apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids ) ); $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'closeAllOpenTags' => __( 'Close all open tags' ), 'closeTags' => __( 'close tags' ), 'enterURL' => __( 'Enter the URL' ), 'enterImageURL' => __( 'Enter the URL of the image' ), 'enterImageDescription' => __( 'Enter a description of the image' ), 'textdirection' => __( 'text direction' ), 'toggleTextdirection' => __( 'Toggle Editor Text Direction' ), 'dfw' => __( 'Distraction-free writing mode' ), 'strong' => __( 'Bold' ), 'strongClose' => __( 'Close bold tag' ), 'em' => __( 'Italic' ), 'emClose' => __( 'Close italic tag' ), 'link' => __( 'Insert link' ), 'blockquote' => __( 'Blockquote' ), 'blockquoteClose' => __( 'Close blockquote tag' ), 'del' => __( 'Deleted text (strikethrough)' ), 'delClose' => __( 'Close deleted text tag' ), 'ins' => __( 'Inserted text' ), 'insClose' => __( 'Close inserted text tag' ), 'image' => __( 'Insert image' ), 'ul' => __( 'Bulleted list' ), 'ulClose' => __( 'Close bulleted list tag' ), 'ol' => __( 'Numbered list' ), 'olClose' => __( 'Close numbered list tag' ), 'li' => __( 'List item' ), 'liClose' => __( 'Close list item tag' ), 'code' => __( 'Code' ), 'codeClose' => __( 'Close code tag' ), 'more' => __( 'Insert Read More tag' ), ) ); $scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' ); $scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 ); $scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 ); $scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-ajax-response', 'wpAjax', array( 'noPerm' => __( 'Sorry, you are not allowed to do that.' ), 'broken' => __( 'An error occurred while processing your request. Please try again later.' ), ) ); $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); // `wpApiSettings` is also used by `wp-api`, which depends on this script. did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 'root' => sanitize_url( get_rest_url() ), 'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ), 'versionString' => 'wp/v2/', ) ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 ); $scripts->set_translations( 'wp-pointer' ); $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', /** * Filters the Heartbeat settings. * * @since 3.6.0 * * @param array $settings Heartbeat settings array. */ apply_filters( 'heartbeat_settings', array() ) ); $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 ); $scripts->set_translations( 'wp-auth-check' ); $scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 ); $scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 ); $scripts->set_translations( 'site-icon' ); // WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source. $scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' ); $scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' ); $scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' ); $scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' ); $scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) ); // Not used in core, replaced by Jcrop.js. $scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) ); /* * jQuery. * The unminified jquery.js and jquery-migrate.js are included to facilitate debugging. */ $scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' ); $scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' ); $scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' ); /* * Full jQuery UI. * The build process in 1.12.1 has changed significantly. * In order to keep backwards compatibility, and to keep the optimized loading, * the source files were flattened and included with some modifications for AMD loading. * A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'. */ $scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 ); // Widgets $scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // New in 1.12.1 $scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 ); // Interactions $scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 ); /* * As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`. * Listed here for back-compat. */ $scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); $scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 ); // Deprecated, not used in core, most functionality is included in jQuery 1.3. $scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 ); // jQuery plugins. $scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 ); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 ); $scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 ); $scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 ); $scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 ); $scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 ); $scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 ); // Not used any more, registered for backward compatibility. $scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 ); /* * Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv. * It sets jQuery as a dependency, as the theme may have been implicitly loading it this way. */ $scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 ); $scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 ); $scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 ); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 ); did_action( 'init' ) && $scripts->localize( 'thickbox', 'thickboxL10n', array( 'next' => __( 'Next >' ), 'prev' => __( '< Prev' ), 'image' => __( 'Image' ), 'of' => __( 'of' ), 'close' => __( 'Close' ), 'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ), 'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ), ) ); // Not used in core, replaced by imgAreaSelect. $scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' ); // Error messages for Plupload. $uploader_l10n = array( 'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ), /* translators: %s: File name. */ 'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ), 'zero_byte_file' => __( 'This file is empty. Please try another.' ), 'invalid_filetype' => __( 'This file cannot be processed by the web server.' ), 'not_an_image' => __( 'This file is not an image. Please try another.' ), 'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ), 'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ), 'default_error' => __( 'An error occurred in the upload. Please try again later.' ), 'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ), 'upload_limit_exceeded' => __( 'You may only upload 1 file.' ), 'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ), 'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ), 'upload_failed' => __( 'Upload failed.' ), /* translators: 1: Opening link tag, 2: Closing link tag. */ 'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ), /* translators: %s: File name. */ 'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ), 'io_error' => __( 'IO error.' ), 'security_error' => __( 'Security error.' ), 'file_cancelled' => __( 'File canceled.' ), 'upload_stopped' => __( 'Upload stopped.' ), 'dismiss' => __( 'Dismiss' ), 'crunching' => __( 'Crunching…' ), 'deleted' => __( 'moved to the Trash.' ), /* translators: %s: File name. */ 'error_uploading' => __( '“%s” has failed to upload.' ), 'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ), 'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), 'file_url_copied' => __( 'The file URL has been copied to your clipboard' ), ); $scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' ); $scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' ); // Back compat handles: foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) { $scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' ); } $scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) ); did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); if ( did_action( 'init' ) ) { $scripts->add_data( 'comment-reply', 'strategy', 'async' ); $scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium. } // Not used in core, obsolete. Registered for backward compatibility. $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' ); $scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 ); $scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 ); $scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-util', '_wpUtilSettings', array( 'ajax' => array( 'url' => admin_url( 'admin-ajax.php', 'relative' ), ), ) ); $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); $scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 ); $scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 ); $scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 ); did_action( 'init' ) && $scripts->add_inline_script( 'mediaelement-core', sprintf( 'var mejsL10n = %s;', wp_json_encode( array( 'language' => strtolower( strtok( determine_locale(), '_-' ) ), 'strings' => array( 'mejs.download-file' => __( 'Download File' ), 'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ), 'mejs.fullscreen' => __( 'Fullscreen' ), 'mejs.play' => __( 'Play' ), 'mejs.pause' => __( 'Pause' ), 'mejs.time-slider' => __( 'Time Slider' ), 'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ), 'mejs.live-broadcast' => __( 'Live Broadcast' ), 'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ), 'mejs.unmute' => __( 'Unmute' ), 'mejs.mute' => __( 'Mute' ), 'mejs.volume-slider' => __( 'Volume Slider' ), 'mejs.video-player' => __( 'Video Player' ), 'mejs.audio-player' => __( 'Audio Player' ), 'mejs.captions-subtitles' => __( 'Captions/Subtitles' ), 'mejs.captions-chapters' => __( 'Chapters' ), 'mejs.none' => __( 'None' ), 'mejs.afrikaans' => __( 'Afrikaans' ), 'mejs.albanian' => __( 'Albanian' ), 'mejs.arabic' => __( 'Arabic' ), 'mejs.belarusian' => __( 'Belarusian' ), 'mejs.bulgarian' => __( 'Bulgarian' ), 'mejs.catalan' => __( 'Catalan' ), 'mejs.chinese' => __( 'Chinese' ), 'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ), 'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ), 'mejs.croatian' => __( 'Croatian' ), 'mejs.czech' => __( 'Czech' ), 'mejs.danish' => __( 'Danish' ), 'mejs.dutch' => __( 'Dutch' ), 'mejs.english' => __( 'English' ), 'mejs.estonian' => __( 'Estonian' ), 'mejs.filipino' => __( 'Filipino' ), 'mejs.finnish' => __( 'Finnish' ), 'mejs.french' => __( 'French' ), 'mejs.galician' => __( 'Galician' ), 'mejs.german' => __( 'German' ), 'mejs.greek' => __( 'Greek' ), 'mejs.haitian-creole' => __( 'Haitian Creole' ), 'mejs.hebrew' => __( 'Hebrew' ), 'mejs.hindi' => __( 'Hindi' ), 'mejs.hungarian' => __( 'Hungarian' ), 'mejs.icelandic' => __( 'Icelandic' ), 'mejs.indonesian' => __( 'Indonesian' ), 'mejs.irish' => __( 'Irish' ), 'mejs.italian' => __( 'Italian' ), 'mejs.japanese' => __( 'Japanese' ), 'mejs.korean' => __( 'Korean' ), 'mejs.latvian' => __( 'Latvian' ), 'mejs.lithuanian' => __( 'Lithuanian' ), 'mejs.macedonian' => __( 'Macedonian' ), 'mejs.malay' => __( 'Malay' ), 'mejs.maltese' => __( 'Maltese' ), 'mejs.norwegian' => __( 'Norwegian' ), 'mejs.persian' => __( 'Persian' ), 'mejs.polish' => __( 'Polish' ), 'mejs.portuguese' => __( 'Portuguese' ), 'mejs.romanian' => __( 'Romanian' ), 'mejs.russian' => __( 'Russian' ), 'mejs.serbian' => __( 'Serbian' ), 'mejs.slovak' => __( 'Slovak' ), 'mejs.slovenian' => __( 'Slovenian' ), 'mejs.spanish' => __( 'Spanish' ), 'mejs.swahili' => __( 'Swahili' ), 'mejs.swedish' => __( 'Swedish' ), 'mejs.tagalog' => __( 'Tagalog' ), 'mejs.thai' => __( 'Thai' ), 'mejs.turkish' => __( 'Turkish' ), 'mejs.ukrainian' => __( 'Ukrainian' ), 'mejs.vietnamese' => __( 'Vietnamese' ), 'mejs.welsh' => __( 'Welsh' ), 'mejs.yiddish' => __( 'Yiddish' ), ), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'before' ); $scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 ); $scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 ); $mejs_settings = array( 'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ), 'classPrefix' => 'mejs-', 'stretching' => 'responsive', /** This filter is documented in wp-includes/media.php */ 'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ), /** This filter is documented in wp-includes/media.php */ 'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ), ); did_action( 'init' ) && $scripts->localize( 'mediaelement', '_wpmejsSettings', /** * Filters the MediaElement configuration settings. * * @since 4.4.0 * * @param array $mejs_settings MediaElement settings array. */ apply_filters( 'mejs_settings', $mejs_settings ) ); $scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' ); $scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' ); $scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' ); $scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' ); $scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' ); $scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' ); $scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) ); $scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) ); $scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 ); $scripts->set_translations( 'wp-theme-plugin-editor' ); $scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 ); $scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' ); did_action( 'init' ) && $scripts->localize( 'zxcvbn-async', '_zxcvbnSettings', array( 'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js', ) ); $scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'password-strength-meter', 'pwsL10n', array( 'unknown' => _x( 'Password strength unknown', 'password strength' ), 'short' => _x( 'Very weak', 'password strength' ), 'bad' => _x( 'Weak', 'password strength' ), 'good' => _x( 'Medium', 'password strength' ), 'strong' => _x( 'Strong', 'password strength' ), 'mismatch' => _x( 'Mismatch', 'password mismatch' ), ) ); $scripts->set_translations( 'password-strength-meter' ); $scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 ); $scripts->set_translations( 'password-toggle' ); $scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'application-passwords' ); $scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'auth-app' ); $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'user-profile' ); $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; did_action( 'init' ) && $scripts->localize( 'user-profile', 'userProfileL10n', array( 'user_id' => $user_id, 'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ), ) ); $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 ); $scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 ); $scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'wplink' ); did_action( 'init' ) && $scripts->localize( 'wplink', 'wpLinkL10n', array( 'title' => __( 'Insert/edit link' ), 'update' => __( 'Update' ), 'save' => __( 'Add Link' ), 'noTitle' => __( '(no title)' ), 'noMatchesFound' => __( 'No results found.' ), 'linkSelected' => __( 'Link selected.' ), 'linkInserted' => __( 'Link inserted.' ), /* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */ 'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ), ) ); $scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 ); $scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 ); $scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 ); $scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 ); // JS-only version of hoverintent (no dependencies). $scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 ); $scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 ); $scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 ); $scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 ); $scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'customize-controls', '_wpCustomizeControlsL10n', array( 'activate' => __( 'Activate & Publish' ), 'save' => __( 'Save & Publish' ), // @todo Remove as not required. 'publish' => __( 'Publish' ), 'published' => __( 'Published' ), 'saveDraft' => __( 'Save Draft' ), 'draftSaved' => __( 'Draft Saved' ), 'updating' => __( 'Updating' ), 'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ), 'scheduled' => _x( 'Scheduled', 'customizer changeset status' ), 'invalid' => __( 'Invalid' ), 'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ), 'futureDateError' => __( 'You must supply a future date to schedule.' ), 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'saved' => __( 'Saved' ), 'cancel' => __( 'Cancel' ), 'close' => __( 'Close' ), 'action' => __( 'Action' ), 'discardChanges' => __( 'Discard changes' ), 'cheatin' => __( 'An error occurred. Please try again later.' ), 'notAllowedHeading' => __( 'You need a higher level of permission.' ), 'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ), 'previewIframeTitle' => __( 'Site Preview' ), 'loginIframeTitle' => __( 'Session expired' ), 'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ), 'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ), 'untitledBlogName' => __( '(Untitled)' ), 'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ), 'themeDownloading' => __( 'Downloading your new theme…' ), 'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ), 'revertingChanges' => __( 'Reverting unpublished changes…' ), 'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ), /* translators: %s: Display name of the user who has taken over the changeset in customizer. */ 'takenOverMessage' => __( '%s has taken over and is currently customizing.' ), /* translators: %s: URL to the Customizer to load the autosaved version. */ 'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ), 'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ), // Used for overriding the file types allowed in Plupload. 'allowedFiles' => __( 'Allowed Files' ), 'customCssError' => array( /* translators: %d: Error count. */ 'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ), /* translators: %d: Error count. */ 'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'pageOnFrontError' => __( 'Homepage and posts page must be different.' ), 'saveBlockedError' => array( /* translators: %s: Number of invalid settings. */ 'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ), /* translators: %s: Number of invalid settings. */ 'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ), // @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491. ), 'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ), 'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ), 'themeInstallUnavailable' => sprintf( /* translators: %s: URL to Add Themes admin screen. */ __( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ), esc_url( admin_url( 'theme-install.php' ) ) ), 'publishSettings' => __( 'Publish Settings' ), 'invalidDate' => __( 'Invalid date.' ), 'invalidValue' => __( 'Invalid value.' ), 'blockThemeNotification' => sprintf( /* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */ __( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ), __( 'https://wordpress.org/documentation/article/site-editor/' ), sprintf( '<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>', esc_url( admin_url( 'site-editor.php' ) ), __( 'Use Site Editor' ) ) ), ) ); $scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 ); $scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 ); $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); $scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 ); $scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array( 'settings' => array( 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ), 'post' => array( 'id' => 0 ), ), ) ); $scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" ); did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' ); /* * To enqueue media-views or media-editor, call wp_enqueue_media(). * Both rely on numerous settings, styles, and templates to operate correctly. */ $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 ); $scripts->set_translations( 'media-views' ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->set_translations( 'media-editor' ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); if ( is_admin() ) { $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->set_translations( 'admin-tags' ); $scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-comments' ); did_action( 'init' ) && $scripts->localize( 'admin-comments', 'adminCommentsSettings', array( 'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ), 'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ), ) ); $scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'postbox' ); $scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 ); $scripts->set_translations( 'tags-box' ); $scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'tags-suggest' ); $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 ); $scripts->set_translations( 'post' ); $scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 ); $scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 ); $scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 ); $scripts->set_translations( 'comment' ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'admin-widgets' ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) ); $scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 ); $scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-post' ); $scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'inline-edit-tax' ); $scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 ); $scripts->set_translations( 'plugin-install' ); $scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 ); $scripts->set_translations( 'site-health' ); $scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'privacy-tools' ); $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 ); $scripts->set_translations( 'updates' ); did_action( 'init' ) && $scripts->localize( 'updates', '_wpUpdatesSettings', array( 'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ), ) ); $scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' ); $scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 ); $scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 ); $scripts->set_translations( 'wp-color-picker' ); $scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 ); $scripts->set_translations( 'dashboard' ); $scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" ); $scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'media' ); $scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 ); $scripts->set_translations( 'image-edit' ); $scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 ); $scripts->set_translations( 'set-post-thumbnail' ); /* * Navigation Menus: Adding underscore as a dependency to utilize _.debounce * see https://core.trac.wordpress.org/ticket/42321 */ $scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) ); $scripts->set_translations( 'nav-menu' ); $scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 ); $scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 ); $scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 ); $scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 ); } } /** * Assigns default styles to $styles object. * * Nothing is returned, because the $styles parameter is passed by reference. * Meaning that whatever object is passed will be updated without having to * reassign the variable that was passed back to the same value. This saves * memory. * * Adding default styles is not the only task, it also assigns the base_url * property, the default version, and text direction for the object. * * @since 2.6.0 * * @global array $editor_styles * * @param WP_Styles $styles */ function wp_default_styles( $styles ) { global $editor_styles; /* * Include an unmodified $wp_version. * * Note: wp_get_wp_version() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * wp-includes/functions.php is not loaded. */ require ABSPATH . WPINC . '/version.php'; if ( ! defined( 'SCRIPT_DEBUG' ) ) { /* * Note: str_contains() is not used here, as this file can be included * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case * the polyfills from wp-includes/compat.php are not loaded. */ define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) ); } $guessurl = site_url(); if ( ! $guessurl ) { $guessurl = wp_guess_url(); } $styles->base_url = $guessurl; $styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : ''; $styles->default_version = get_bloginfo( 'version' ); $styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr'; $styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' ); // Open Sans is no longer used by core, but may be relied upon by themes and plugins. $open_sans_font_url = ''; /* * translators: If there are characters in your language that are not supported * by Open Sans, translate this to 'off'. Do not translate into your own language. */ if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) { $subsets = 'latin,latin-ext'; /* * translators: To add an additional Open Sans character subset specific to your language, * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language. */ $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' ); if ( 'cyrillic' === $subset ) { $subsets .= ',cyrillic,cyrillic-ext'; } elseif ( 'greek' === $subset ) { $subsets .= ',greek,greek-ext'; } elseif ( 'vietnamese' === $subset ) { $subsets .= ',vietnamese'; } // Hotlink Open Sans, for now. $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback"; } // Register a stylesheet for the selected admin color scheme. $styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) ); $suffix = SCRIPT_DEBUG ? '' : '.min'; // Admin CSS. $styles->add( 'common', "/wp-admin/css/common$suffix.css" ); $styles->add( 'forms', "/wp-admin/css/forms$suffix.css" ); $styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" ); $styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" ); $styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" ); $styles->add( 'edit', "/wp-admin/css/edit$suffix.css" ); $styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" ); $styles->add( 'media', "/wp-admin/css/media$suffix.css" ); $styles->add( 'themes', "/wp-admin/css/themes$suffix.css" ); $styles->add( 'about', "/wp-admin/css/about$suffix.css" ); $styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" ); $styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) ); $styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" ); $styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" ); $styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) ); $styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" ); $styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) ); $styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) ); $styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" ); $styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) ); $styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) ); $styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) ); // Common dependencies. $styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" ); $styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" ); // Includes CSS. $styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) ); $styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) ); $styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) ); $styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) ); $styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) ); $styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" ); // External libraries and friends. $styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' ); $styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) ); $styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' ); $styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) ); $styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) ); $styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' ); // Deprecated CSS. $styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" ); $styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' ); $styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' ); $styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle. $styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6. $styles->add( 'wp-embed-template-ie', false ); $styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' ); // Noto Serif is no longer used by core, but may be relied upon by themes and plugins. $fonts_url = ''; /* * translators: Use this to specify the proper Google Font name and variants * to load that is supported by your language. Do not translate. * Set to 'off' to disable loading. */ $font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' ); if ( 'off' !== $font_family ) { $fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family ); } $styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7. $block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css"; $styles->add( 'wp-block-library-theme', "/$block_library_theme_path" ); $styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path ); $classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css"; $styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" ); $styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path ); $styles->add( 'wp-reset-editor-styles', "/wp-includes/css/dist/block-library/reset$suffix.css", array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles. ); $styles->add( 'wp-editor-classic-layout-styles', "/wp-includes/css/dist/edit-post/classic$suffix.css", array() ); $styles->add( 'wp-block-editor-content', "/wp-includes/css/dist/block-editor/content$suffix.css", array( 'wp-components' ) ); // Only add CONTENT styles here that should be enqueued in the iframe! $wp_edit_blocks_dependencies = array( 'wp-components', /* * This needs to be added before the block library styles, * The block library styles override the "reset" styles. */ 'wp-reset-editor-styles', 'wp-block-library', 'wp-block-editor-content', ); // Only load the default layout and margin styles for themes without theme.json file. if ( ! wp_theme_has_theme_json() ) { $wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles'; } if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { /* * Include opinionated block styles if the theme supports block styles and * no $editor_styles are declared, so the editor never appears broken. */ $wp_edit_blocks_dependencies[] = 'wp-block-library-theme'; } $styles->add( 'wp-edit-blocks', "/wp-includes/css/dist/block-library/editor$suffix.css", $wp_edit_blocks_dependencies ); $package_styles = array( 'block-editor' => array( 'wp-components', 'wp-preferences' ), 'block-library' => array(), 'block-directory' => array(), 'components' => array(), 'commands' => array( 'wp-components' ), 'edit-post' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-commands', 'wp-preferences', ), 'editor' => array( 'wp-components', 'wp-block-editor', 'wp-reusable-blocks', 'wp-patterns', 'wp-preferences', ), 'format-library' => array(), 'list-reusable-blocks' => array( 'wp-components' ), 'reusable-blocks' => array( 'wp-components' ), 'patterns' => array( 'wp-components' ), 'preferences' => array( 'wp-components' ), 'nux' => array( 'wp-components' ), 'widgets' => array( 'wp-components', ), 'edit-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'customize-widgets' => array( 'wp-widgets', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-block-library', 'wp-patterns', 'wp-preferences', ), 'edit-site' => array( 'wp-components', 'wp-block-editor', 'wp-editor', 'wp-edit-blocks', 'wp-commands', 'wp-preferences', ), ); foreach ( $package_styles as $package => $dependencies ) { $handle = 'wp-' . $package; $path = "/wp-includes/css/dist/$package/style$suffix.css"; if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) { $path = "/wp-includes/css/dist/$package/common$suffix.css"; } $styles->add( $handle, $path, $dependencies ); $styles->add_data( $handle, 'path', ABSPATH . $path ); } // RTL CSS. $rtl_styles = array( // Admin CSS. 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n', 'install', 'wp-color-picker', 'customize-controls', 'customize-widgets', 'customize-nav-menus', 'customize-preview', 'login', 'site-health', 'wp-empty-template-alert', // Includes CSS. 'buttons', 'admin-bar', 'wp-auth-check', 'editor-buttons', 'media-views', 'wp-pointer', 'wp-jquery-ui-dialog', // Package styles. 'wp-reset-editor-styles', 'wp-editor-classic-layout-styles', 'wp-block-library-theme', 'wp-edit-blocks', 'wp-block-editor', 'wp-block-library', 'wp-block-directory', 'wp-commands', 'wp-components', 'wp-customize-widgets', 'wp-edit-post', 'wp-edit-site', 'wp-edit-widgets', 'wp-editor', 'wp-format-library', 'wp-list-reusable-blocks', 'wp-reusable-blocks', 'wp-patterns', 'wp-nux', 'wp-widgets', // Deprecated CSS. 'deprecated-media', 'farbtastic', ); foreach ( $rtl_styles as $rtl_style ) { $styles->add_data( $rtl_style, 'rtl', 'replace' ); if ( $suffix ) { $styles->add_data( $rtl_style, 'suffix', $suffix ); } } } /** * Reorders JavaScript scripts array to place prototype before jQuery. * * @since 2.3.1 * * @param string[] $js_array JavaScript scripts array * @return string[] Reordered array, if needed. */ function wp_prototype_before_jquery( $js_array ) { $prototype = array_search( 'prototype', $js_array, true ); if ( false === $prototype ) { return $js_array; } $jquery = array_search( 'jquery', $js_array, true ); if ( false === $jquery ) { return $js_array; } if ( $prototype < $jquery ) { return $js_array; } unset( $js_array[ $prototype ] ); array_splice( $js_array, $jquery, 0, 'prototype' ); return $js_array; } /** * Loads localized data on print rather than initialization. * * These localizations require information that may not be loaded even by init. * * @since 2.5.0 * * @global array $shortcode_tags */ function wp_just_in_time_script_localization() { wp_localize_script( 'autosave', 'autosaveL10n', array( 'autosaveInterval' => AUTOSAVE_INTERVAL, 'blog_id' => get_current_blog_id(), ) ); wp_localize_script( 'mce-view', 'mceViewL10n', array( 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); wp_localize_script( 'word-count', 'wordCountL10n', array( 'type' => wp_get_word_count_type(), 'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(), ) ); } /** * Localizes the jQuery UI datepicker. * * @since 4.6.0 * * @link https://api.jqueryui.com/datepicker/#options * * @global WP_Locale $wp_locale WordPress date and time locale object. */ function wp_localize_jquery_ui_datepicker() { global $wp_locale; if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) { return; } // Convert the PHP date format into jQuery UI's format. $datepicker_date_format = str_replace( array( 'd', 'j', 'l', 'z', // Day. 'F', 'M', 'n', 'm', // Month. 'Y', 'y', // Year. ), array( 'dd', 'd', 'DD', 'o', 'MM', 'M', 'm', 'mm', 'yy', 'y', ), get_option( 'date_format' ) ); $datepicker_defaults = wp_json_encode( array( 'closeText' => __( 'Close' ), 'currentText' => __( 'Today' ), 'monthNames' => array_values( $wp_locale->month ), 'monthNamesShort' => array_values( $wp_locale->month_abbrev ), 'nextText' => __( 'Next' ), 'prevText' => __( 'Previous' ), 'dayNames' => array_values( $wp_locale->weekday ), 'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ), 'dayNamesMin' => array_values( $wp_locale->weekday_initial ), 'dateFormat' => $datepicker_date_format, 'firstDay' => absint( get_option( 'start_of_week' ) ), 'isRTL' => $wp_locale->is_rtl(), ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" ); } /** * Localizes community events data that needs to be passed to dashboard.js. * * @since 4.8.0 */ function wp_localize_community_events() { if ( ! wp_script_is( 'dashboard' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false; $current_ip_address = WP_Community_Events::get_unsafe_client_ip(); /* * If the user's location is based on their IP address, then update their * location when their IP address changes. This allows them to see events * in their current city when travelling. Otherwise, they would always be * shown events in the city where they were when they first loaded the * Dashboard, which could have been months or years ago. */ if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) { $saved_location['ip'] = $current_ip_address; update_user_meta( $user_id, 'community-events-location', $saved_location ); } $events_client = new WP_Community_Events( $user_id, $saved_location ); wp_localize_script( 'dashboard', 'communityEventsData', array( 'nonce' => wp_create_nonce( 'community_events' ), 'cache' => $events_client->get_cached_events(), 'time_format' => get_option( 'time_format' ), ) ); } /** * Administration Screen CSS for changing the styles. * * If installing the 'wp-admin/' directory will be replaced with './'. * * The $_wp_admin_css_colors global manages the Administration Screens CSS * stylesheet that is loaded. The option that is set is 'admin_color' and is the * color and key for the array. The value for the color key is an object with * a 'url' parameter that has the URL path to the CSS file. * * The query from $src parameter will be appended to the URL that is given from * the $_wp_admin_css_colors array value URL. * * @since 2.6.0 * * @global array $_wp_admin_css_colors * * @param string $src Source URL. * @param string $handle Either 'colors' or 'colors-rtl'. * @return string|false URL path to CSS stylesheet for Administration Screens. */ function wp_style_loader_src( $src, $handle ) { global $_wp_admin_css_colors; if ( wp_installing() ) { return preg_replace( '#^wp-admin/#', './', $src ); } if ( 'colors' === $handle ) { $color = get_user_option( 'admin_color' ); if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) { $color = 'fresh'; } $color = $_wp_admin_css_colors[ $color ]; $url = $color->url; if ( ! $url ) { return false; } $parsed = parse_url( $src ); if ( isset( $parsed['query'] ) && $parsed['query'] ) { wp_parse_str( $parsed['query'], $qv ); $url = add_query_arg( $qv, $url ); } return $url; } return $src; } /** * Prints the script queue in the HTML head on admin pages. * * Postpones the scripts that were queued for the footer. * print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @see wp_print_scripts() * * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_head_scripts() { global $concatenate_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } $wp_scripts = wp_scripts(); script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_head_items(); /** * Filters whether to print the head scripts. * * @since 2.8.0 * * @param bool $print Whether to print the head scripts. Default true. */ if ( apply_filters( 'print_head_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints the scripts that were queued for the footer or too late for the HTML head. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * @global bool $concatenate_scripts * * @return string[] Handles of the scripts that were printed. */ function print_footer_scripts() { global $wp_scripts, $concatenate_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if not instantiated. } script_concat_settings(); $wp_scripts->do_concat = $concatenate_scripts; $wp_scripts->do_footer_items(); /** * Filters whether to print the footer scripts. * * @since 2.8.0 * * @param bool $print Whether to print the footer scripts. Default true. */ if ( apply_filters( 'print_footer_scripts', true ) ) { _print_scripts(); } $wp_scripts->reset(); return $wp_scripts->done; } /** * Prints scripts (internal use only) * * @since 2.8.0 * * @ignore * * @global WP_Scripts $wp_scripts * @global bool $compress_scripts */ function _print_scripts() { global $wp_scripts, $compress_scripts; $zip = $compress_scripts ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_scripts->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'"; if ( $concat ) { if ( ! empty( $wp_scripts->print_code ) ) { echo "\n<script{$type_attr}>\n"; echo "/* <![CDATA[ */\n"; // Not needed in HTML 5. echo $wp_scripts->print_code; echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) ); echo "/* ]]> */\n"; echo "</script>\n"; } $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version; echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n"; } if ( ! empty( $wp_scripts->print_html ) ) { echo $wp_scripts->print_html; } } /** * Prints the script queue in the HTML head on the front end. * * Postpones the scripts that were queued for the footer. * wp_print_footer_scripts() is called in the footer to print these scripts. * * @since 2.8.0 * * @global WP_Scripts $wp_scripts * * @return string[] Handles of the scripts that were printed. */ function wp_print_head_scripts() { global $wp_scripts; if ( ! did_action( 'wp_print_scripts' ) ) { /** This action is documented in wp-includes/functions.wp-scripts.php */ do_action( 'wp_print_scripts' ); } if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { return array(); // No need to run if nothing is queued. } return print_head_scripts(); } /** * Private, for use in *_footer_scripts hooks * * In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(), * this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of * two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer: * * 1. Styles related to blocks are inserted right after the wp-block-library stylesheet. * 2. All other styles are appended to the end of the HEAD. * * The closure calls print_footer_scripts() to print scripts in the footer as usual. * * @since 3.3.0 */ function _wp_footer_scripts() { print_late_styles(); print_footer_scripts(); } /** * Hooks to print the scripts and styles in the footer. * * @since 2.8.0 */ function wp_print_footer_scripts() { /** * Fires when footer scripts are printed. * * @since 2.8.0 */ do_action( 'wp_print_footer_scripts' ); } /** * Wrapper for do_action( 'wp_enqueue_scripts' ). * * Allows plugins to queue scripts for the front end using wp_enqueue_script(). * Runs first in wp_head() where all is_home(), is_page(), etc. functions are available. * * @since 2.8.0 */ function wp_enqueue_scripts() { /** * Fires when scripts and styles are enqueued. * * @since 2.8.0 */ do_action( 'wp_enqueue_scripts' ); } /** * Prints the styles queue in the HTML head on admin pages. * * @since 2.8.0 * * @global bool $concatenate_scripts * * @return string[] Handles of the styles that were printed. */ function print_admin_styles() { global $concatenate_scripts; $wp_styles = wp_styles(); script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_items( false ); /** * Filters whether to print the admin styles. * * @since 2.8.0 * * @param bool $print Whether to print the admin styles. Default true. */ if ( apply_filters( 'print_admin_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints the styles that were queued too late for the HTML head. * * @since 3.3.0 * * @global WP_Styles $wp_styles * @global bool $concatenate_scripts * * @return array|void */ function print_late_styles() { global $wp_styles, $concatenate_scripts; if ( ! ( $wp_styles instanceof WP_Styles ) ) { return; } script_concat_settings(); $wp_styles->do_concat = $concatenate_scripts; $wp_styles->do_footer_items(); /** * Filters whether to print the styles queued too late for the HTML head. * * @since 3.3.0 * * @param bool $print Whether to print the 'late' styles. Default true. */ if ( apply_filters( 'print_late_styles', true ) ) { _print_styles(); } $wp_styles->reset(); return $wp_styles->done; } /** * Prints styles (internal use only). * * @ignore * @since 3.3.0 * * @global bool $compress_css */ function _print_styles() { global $compress_css; $wp_styles = wp_styles(); $zip = $compress_css ? 1 : 0; if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) { $zip = 'gzip'; } $concat = trim( $wp_styles->concat, ', ' ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( $concat ) { $dir = $wp_styles->text_direction; $ver = $wp_styles->default_version; $concat_source_url = 'css-inline-concat-' . $concat; $concat = str_split( $concat, 128 ); $concatenated = ''; foreach ( $concat as $key => $chunk ) { $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}"; } $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver; echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n"; if ( ! empty( $wp_styles->print_code ) ) { echo "<style{$type_attr}>\n"; echo $wp_styles->print_code; echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) ); echo "\n</style>\n"; } } if ( ! empty( $wp_styles->print_html ) ) { echo $wp_styles->print_html; } } /** * Determines the concatenation and compression settings for scripts and styles. * * @since 2.8.0 * * @global bool $concatenate_scripts * @global bool $compress_scripts * @global bool $compress_css */ function script_concat_settings() { global $concatenate_scripts, $compress_scripts, $compress_css; $compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ); $can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' ); if ( ! isset( $concatenate_scripts ) ) { $concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true; if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) { $concatenate_scripts = false; } } if ( ! isset( $compress_scripts ) ) { $compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true; if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_scripts = false; } } if ( ! isset( $compress_css ) ) { $compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true; if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) { $compress_css = false; } } } /** * Handles the enqueueing of block scripts and styles that are common to both * the editor and the front-end. * * @since 5.0.0 */ function wp_common_block_scripts_and_styles() { if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) { return; } wp_enqueue_style( 'wp-block-library' ); if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** * Fires after enqueuing block assets for both editor and front-end. * * Call `add_action` on any hook before 'wp_enqueue_scripts'. * * In the function call you supply, simply use `wp_enqueue_script` and * `wp_enqueue_style` to add your functionality to the Gutenberg editor. * * @since 5.0.0 */ do_action( 'enqueue_block_assets' ); } /** * Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes(). * * This particular filter removes all of the blocks from the array. * * We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used. * This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are * loading separate assets, without making the class aware of that detail. * * @since 6.1.0 * * @param array $nodes The nodes to filter. * @return array A filtered array of style nodes. */ function wp_filter_out_block_nodes( $nodes ) { return array_filter( $nodes, static function ( $node ) { return ! in_array( 'blocks', $node['path'], true ); }, ARRAY_FILTER_USE_BOTH ); } /** * Enqueues the global styles defined via theme.json. * * @since 5.8.0 */ function wp_enqueue_global_styles() { $assets_on_demand = wp_should_load_block_assets_on_demand(); $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * Global styles should be printed in the head for block themes, or for classic themes when loading assets on * demand is disabled, which is the default. * The footer should only be used for classic themes when loading assets on demand is enabled. * * See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand ) ) { return; } /* * If loading the CSS for each block separately, then load the theme.json CSS conditionally. * This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block. * This filter must be registered before calling wp_get_global_stylesheet(); */ add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); $stylesheet = wp_get_global_stylesheet(); if ( $is_block_theme ) { /* * Dequeue the Customizer's custom CSS * and add it before the global styles custom CSS. */ remove_action( 'wp_head', 'wp_custom_css_cb', 101 ); /* * Get the custom CSS from the Customizer and add it to the global stylesheet. * Always do this in Customizer preview for the sake of live preview since it be empty. */ $custom_css = trim( wp_get_custom_css() ); if ( $custom_css || is_customize_preview() ) { if ( is_customize_preview() ) { /* * When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js * to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from * the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it * would break live previewing. */ $before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/'; $after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/'; $custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css ); $custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone; } $custom_css = "\n" . $custom_css; } $stylesheet .= $custom_css; // Add the global styles custom CSS at the end. $stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) ); } if ( empty( $stylesheet ) ) { return; } wp_register_style( 'global-styles', false ); wp_add_inline_style( 'global-styles', $stylesheet ); wp_enqueue_style( 'global-styles' ); // Add each block as an inline css. wp_add_global_styles_for_blocks(); } /** * Checks if the editor scripts and styles for all registered block types * should be enqueued on the current screen. * * @since 5.6.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @return bool Whether scripts and styles should be enqueued. */ function wp_should_load_block_editor_scripts_and_styles() { global $current_screen; $is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor(); /** * Filters the flag that decides whether or not block editor scripts and styles * are going to be enqueued on the current screen. * * @since 5.6.0 * * @param bool $is_block_editor_screen Current value of the flag. */ return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen ); } /** * Checks whether separate styles should be loaded for core blocks. * * When this function returns true, other functions ensure that core blocks use their own separate stylesheets. * When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet. * * As a side effect, the return value will by default result in block assets to be loaded on demand, via the * {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function. * * This only affects front end and not the block editor screens. * * @since 5.8.0 * @see @see wp_should_load_block_assets_on_demand() * @see wp_enqueue_registered_block_scripts_and_styles() * @see register_block_style_handle() * * @return bool Whether separate core block assets will be loaded. */ function wp_should_load_separate_core_block_assets() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /** * Filters whether block styles should be loaded separately. * * Returning false loads all core block assets, regardless of whether they are rendered * in a page or not. Returning true loads core block assets only when they are rendered. * * @since 5.8.0 * * @param bool $load_separate_assets Whether separate assets will be loaded. * Default false (all block assets are loaded, even when not used). */ return apply_filters( 'should_load_separate_core_block_assets', false ); } /** * Checks whether block styles should be loaded only on-render. * * When this function returns true, other functions ensure that blocks only load their assets on-render. * When this function returns false, all block assets are loaded regardless of whether they are rendered in a page. * * The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls * whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet. * * This only affects front end and not the block editor screens. * * @since 6.8.0 * @see wp_should_load_separate_core_block_assets() * * @return bool Whether to load block assets only when they are rendered. */ function wp_should_load_block_assets_on_demand() { if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) { return false; } /* * For backward compatibility, the default return value for this function is based on the return value of * `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns. */ $load_assets_on_demand = wp_should_load_separate_core_block_assets(); /** * Filters whether block styles should be loaded on demand. * * Returning false loads all block assets, regardless of whether they are rendered in a page or not. * Returning true loads block assets only when they are rendered. * * The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()}, * which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' * stylesheet. * * @since 6.8.0 * * @param bool $load_assets_on_demand Whether to load block assets only when they are rendered. */ return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand ); } /** * Enqueues registered block scripts and styles, depending on current rendered * context (only enqueuing editor scripts while in context of the editor). * * @since 5.0.0 */ function wp_enqueue_registered_block_scripts_and_styles() { if ( wp_should_load_block_assets_on_demand() ) { return; } $load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles(); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Block styles are only enqueued if they're registered. For core blocks, this is only the case if * `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined * 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`. * Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for * this behavior here and simply call `wp_enqueue_style()` unconditionally. */ foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { // Front-end and editor styles. foreach ( $block_type->style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } // Front-end and editor scripts. foreach ( $block_type->script_handles as $script_handle ) { wp_enqueue_script( $script_handle ); } if ( $load_editor_scripts_and_styles ) { // Editor styles. foreach ( $block_type->editor_style_handles as $editor_style_handle ) { wp_enqueue_style( $editor_style_handle ); } // Editor scripts. foreach ( $block_type->editor_script_handles as $editor_script_handle ) { wp_enqueue_script( $editor_script_handle ); } } } } /** * Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend. * * @since 5.3.0 * * @global WP_Styles $wp_styles */ function enqueue_block_styles_assets() { global $wp_styles; $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { if ( isset( $style_properties['style_handle'] ) ) { // If the site loads block styles on demand, enqueue the stylesheet on render. if ( wp_should_load_block_assets_on_demand() ) { add_filter( 'render_block', static function ( $html, $block ) use ( $block_name, $style_properties ) { if ( $block['blockName'] === $block_name ) { wp_enqueue_style( $style_properties['style_handle'] ); } return $html; }, 10, 2 ); } else { wp_enqueue_style( $style_properties['style_handle'] ); } } if ( isset( $style_properties['inline_style'] ) ) { // Default to "wp-block-library". $handle = 'wp-block-library'; // If the site loads block styles on demand, check if the block has a stylesheet registered. if ( wp_should_load_block_assets_on_demand() ) { $block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' ); if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) { $handle = $block_stylesheet_handle; } } // Add inline styles to the calculated handle. wp_add_inline_style( $handle, $style_properties['inline_style'] ); } } } } /** * Function responsible for enqueuing the assets required for block styles functionality on the editor. * * @since 5.3.0 */ function enqueue_editor_block_styles_assets() { $block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered(); $register_script_lines = array( '( function() {' ); foreach ( $block_styles as $block_name => $styles ) { foreach ( $styles as $style_properties ) { $block_style = array( 'name' => $style_properties['name'], 'label' => $style_properties['label'], ); if ( isset( $style_properties['is_default'] ) ) { $block_style['isDefault'] = $style_properties['is_default']; } $register_script_lines[] = sprintf( ' wp.blocks.registerBlockStyle( \'%s\', %s );', $block_name, wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } $register_script_lines[] = '} )();'; $inline_script = implode( "\n", $register_script_lines ); wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) ); wp_add_inline_script( 'wp-block-styles', $inline_script ); wp_enqueue_script( 'wp-block-styles' ); } /** * Enqueues the assets required for the block directory within the block editor. * * @since 5.5.0 */ function wp_enqueue_editor_block_directory_assets() { wp_enqueue_script( 'wp-block-directory' ); wp_enqueue_style( 'wp-block-directory' ); } /** * Enqueues the assets required for the format library within the block editor. * * @since 5.8.0 */ function wp_enqueue_editor_format_library_assets() { wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-format-library' ); } /** * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag. * * Automatically injects type attribute if needed. * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String made of sanitized `<script>` tag attributes. */ function wp_sanitize_script_attributes( $attributes ) { $html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' ); $attributes_string = ''; /* * If HTML5 script tag is supported, only the attribute name is added * to $attributes_string for entries with a boolean value, and that are true. */ foreach ( $attributes as $attribute_name => $attribute_value ) { if ( is_bool( $attribute_value ) ) { if ( $attribute_value ) { $attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ); } } else { $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) ); } } return $attributes_string; } /** * Formats `<script>` loader tags. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * @return string String containing `<script>` opening and closing tags. */ function wp_get_script_tag( $attributes ) { if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. */ $attributes = apply_filters( 'wp_script_attributes', $attributes ); return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) ); } /** * Prints formatted `<script>` loader tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. */ function wp_print_script_tag( $attributes ) { echo wp_get_script_tag( $attributes ); } /** * Constructs an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. * @return string String containing inline JavaScript code wrapped around `<script>` tag. */ function wp_get_inline_script_tag( $data, $attributes = array() ) { $is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin(); if ( ! isset( $attributes['type'] ) && ! $is_html5 ) { // Keep the type attribute as the first for legacy reasons (it has always been this way in core). $attributes = array_merge( array( 'type' => 'text/javascript' ), $attributes ); } /* * XHTML extracts the contents of the SCRIPT element and then the XML parser * decodes character references and other syntax elements. This can lead to * misinterpretation of the script contents or invalid XHTML documents. * * Wrapping the contents in a CDATA section instructs the XML parser not to * transform the contents of the SCRIPT element before passing them to the * JavaScript engine. * * Example: * * <script>console.log('…');</script> * * In an HTML document this would print "…" to the console, * but in an XHTML document it would print "…" to the console. * * <script>console.log('An image is <img> in HTML');</script> * * In an HTML document this would print "An image is <img> in HTML", * but it's an invalid XHTML document because it interprets the `<img>` * as an empty tag missing its closing `/`. * * @see https://www.w3.org/TR/xhtml1/#h-4.8 */ if ( ! $is_html5 && ( ! isset( $attributes['type'] ) || 'module' === $attributes['type'] || str_contains( $attributes['type'], 'javascript' ) || str_contains( $attributes['type'], 'ecmascript' ) || str_contains( $attributes['type'], 'jscript' ) || str_contains( $attributes['type'], 'livescript' ) ) ) { /* * If the string `]]>` exists within the JavaScript it would break * out of any wrapping CDATA section added here, so to start, it's * necessary to escape that sequence which requires splitting the * content into two CDATA sections wherever it's found. * * Note: it's only necessary to escape the closing `]]>` because * an additional `<![CDATA[` leaves the contents unchanged. */ $data = str_replace( ']]>', ']]]]><![CDATA[>', $data ); // Wrap the entire escaped script inside a CDATA section. $data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data ); } $data = "\n" . trim( $data, "\n\r " ) . "\n"; /** * Filters attributes to be added to a script tag. * * @since 5.7.0 * * @param array $attributes Key-value pairs representing `<script>` tag attributes. * Only the attribute name is added to the `<script>` tag for * entries with a boolean value, and that are true. * @param string $data Inline data. */ $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data ); } /** * Prints an inline script tag. * * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter. * Automatically injects type attribute if needed. * * @since 5.7.0 * * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. * @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes. */ function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } /** * Allows small styles to be inlined. * * This improves performance and sustainability, and is opt-in. Stylesheets can opt in * by adding `path` data using `wp_style_add_data`, and defining the file's absolute path: * * wp_style_add_data( $style_handle, 'path', $file_path ); * * @since 5.8.0 * * @global WP_Styles $wp_styles */ function wp_maybe_inline_styles() { global $wp_styles; $total_inline_limit = 40000; /** * The maximum size of inlined styles in bytes. * * @since 5.8.0 * @since 6.9.0 The default limit increased from 20K to 40K. * * @param int $total_inline_limit The file-size threshold, in bytes. Default 40000. */ $total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit ); $styles = array(); // Build an array of styles that have a path defined. foreach ( $wp_styles->queue as $handle ) { if ( ! isset( $wp_styles->registered[ $handle ] ) ) { continue; } $src = $wp_styles->registered[ $handle ]->src; $path = $wp_styles->get_data( $handle, 'path' ); if ( $path && $src ) { $size = wp_filesize( $path ); if ( ! $size ) { continue; } $styles[] = array( 'handle' => $handle, 'src' => $src, 'path' => $path, 'size' => $size, ); } } if ( ! empty( $styles ) ) { // Reorder styles array based on size. usort( $styles, static function ( $a, $b ) { return ( $a['size'] <= $b['size'] ) ? -1 : 1; } ); /* * The total inlined size. * * On each iteration of the loop, if a style gets added inline the value of this var increases * to reflect the total size of inlined styles. */ $total_inline_size = 0; // Loop styles. foreach ( $styles as $style ) { // Size check. Since styles are ordered by size, we can break the loop. if ( $total_inline_size + $style['size'] > $total_inline_limit ) { break; } // Get the styles if we don't already have them. $style['css'] = file_get_contents( $style['path'] ); /* * Check if the style contains relative URLs that need to be modified. * URLs relative to the stylesheet's path should be converted to relative to the site's root. */ $style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] ); // Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added. $wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] ); // Set `src` to `false` and add styles inline. $wp_styles->registered[ $style['handle'] ]->src = false; if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) { $wp_styles->registered[ $style['handle'] ]->extra['after'] = array(); } array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] ); // Add the styles size to the $total_inline_size var. $total_inline_size += (int) $style['size']; } } } /** * Makes URLs relative to the WordPress installation. * * @since 5.9.0 * @access private * * @param string $css The CSS to make URLs relative to the WordPress installation. * @param string $stylesheet_url The URL to the stylesheet. * * @return string The CSS with URLs made relative to the WordPress installation. */ function _wp_normalize_relative_css_links( $css, $stylesheet_url ) { return preg_replace_callback( '#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#', static function ( $matches ) use ( $stylesheet_url ) { list( , $prefix, $url ) = $matches; // Short-circuit if the URL does not require normalization. if ( str_starts_with( $url, 'http:' ) || str_starts_with( $url, 'https:' ) || str_starts_with( $url, '/' ) || str_starts_with( $url, '#' ) || str_starts_with( $url, 'data:' ) ) { return $matches[0]; } // Build the absolute URL. $absolute_url = dirname( $stylesheet_url ) . '/' . $url; $absolute_url = str_replace( '/./', '/', $absolute_url ); // Convert to URL related to the site root. $url = wp_make_link_relative( $absolute_url ); return $prefix . $url; }, $css ); } /** * Function that enqueues the CSS Custom Properties coming from theme.json. * * @since 5.9.0 */ function wp_enqueue_global_styles_css_custom_properties() { wp_register_style( 'global-styles-css-custom-properties', false ); wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) ); wp_enqueue_style( 'global-styles-css-custom-properties' ); } /** * Hooks inline styles in the proper place, depending on the active theme. * * @since 5.9.1 * @since 6.1.0 Added the `$priority` parameter. * * For block themes, styles are loaded in the head. * For classic ones, styles are loaded in the body because the wp_head action happens before render_block. * * @link https://core.trac.wordpress.org/ticket/53494. * * @param string $style String containing the CSS styles to be added. * @param int $priority To set the priority for the add_action. */ function wp_enqueue_block_support_styles( $style, $priority = 10 ) { $action_hook_name = 'wp_footer'; if ( wp_is_block_theme() ) { $action_hook_name = 'wp_head'; } add_action( $action_hook_name, static function () use ( $style ) { echo "<style>$style</style>\n"; }, $priority ); } /** * Fetches, processes and compiles stored core styles, then combines and renders them to the page. * Styles are stored via the style engine API. * * @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/ * * @since 6.1.0 * * @param array $options { * Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context(). * Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g., combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Default to whether the `SCRIPT_DEBUG` constant is defined. * } */ function wp_enqueue_stored_styles( $options = array() ) { // Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand(). $is_block_theme = wp_is_block_theme(); $is_classic_theme = ! $is_block_theme; /* * For block themes, this function prints stored styles in the header. * For classic themes, in the footer. */ if ( ( $is_block_theme && doing_action( 'wp_footer' ) ) || ( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) ) ) { return; } $core_styles_keys = array( 'block-supports' ); $compiled_core_stylesheet = ''; $style_tag_id = 'core'; // Adds comment if code is prettified to identify core styles sections in debugging. $should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG; foreach ( $core_styles_keys as $style_key ) { if ( $should_prettify ) { $compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n"; } // Chains core store ids to signify what the styles contain. $style_tag_id .= '-' . $style_key; $compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options ); } // Combines Core styles. if ( ! empty( $compiled_core_stylesheet ) ) { wp_register_style( $style_tag_id, false ); wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet ); wp_enqueue_style( $style_tag_id ); } // Prints out any other stores registered by themes or otherwise. $additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores(); foreach ( array_keys( $additional_stores ) as $store_name ) { if ( in_array( $store_name, $core_styles_keys, true ) ) { continue; } $styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options ); if ( ! empty( $styles ) ) { $key = "wp-style-engine-$store_name"; wp_register_style( $key, false ); wp_add_inline_style( $key, $styles ); wp_enqueue_style( $key ); } } } /** * Enqueues a stylesheet for a specific block. * * If the theme has opted-in to load block styles on demand, * then the stylesheet will be enqueued on-render, * otherwise when the block inits. * * @since 5.9.0 * * @param string $block_name The block-name, including namespace. * @param array $args { * An array of arguments. See wp_register_style() for full information about each argument. * * @type string $handle The handle for the stylesheet. * @type string|false $src The source URL of the stylesheet. * @type string[] $deps Array of registered stylesheet handles this stylesheet depends on. * @type string|bool|null $ver Stylesheet version number. * @type string $media The media for which this stylesheet has been defined. * @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined. * } */ function wp_enqueue_block_style( $block_name, $args ) { $args = wp_parse_args( $args, array( 'handle' => '', 'src' => '', 'deps' => array(), 'ver' => false, 'media' => 'all', ) ); /** * Callback function to register and enqueue styles. * * @param string $content When the callback is used for the render_block filter, * the content needs to be returned so the function parameter * is to ensure the content exists. * @return string Block content. */ $callback = static function ( $content ) use ( $args ) { // Register the stylesheet. if ( ! empty( $args['src'] ) ) { wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] ); } // Add `path` data if provided. if ( isset( $args['path'] ) ) { wp_style_add_data( $args['handle'], 'path', $args['path'] ); // Get the RTL file path. $rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] ); // Add RTL stylesheet. if ( file_exists( $rtl_file_path ) ) { wp_style_add_data( $args['handle'], 'rtl', 'replace' ); if ( is_rtl() ) { wp_style_add_data( $args['handle'], 'path', $rtl_file_path ); } } } // Enqueue the stylesheet. wp_enqueue_style( $args['handle'] ); return $content; }; $hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts'; if ( wp_should_load_block_assets_on_demand() ) { /** * Callback function to register and enqueue styles. * * @param string $content The block content. * @param array $block The full block, including name and attributes. * @return string Block content. */ $callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) { if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) { return $callback( $content ); } return $content; }; /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( 'render_block', $callback_separate, 10, 2 ); return; } /* * The filter's callback here is an anonymous function because * using a named function in this case is not possible. * * The function cannot be unhooked, however, users are still able * to dequeue the stylesheets registered/enqueued by the callback * which is why in this case, using an anonymous function * was deemed acceptable. */ add_filter( $hook, $callback ); // Enqueue assets in the editor. add_action( 'enqueue_block_assets', $callback ); } /** * Loads classic theme styles on classic themes in the frontend. * * This is used for backwards compatibility for Button and File blocks specifically. * * @since 6.1.0 * @since 6.2.0 Added File block styles. * @since 6.8.0 Moved stylesheet registration outside of this function. */ function wp_enqueue_classic_theme_styles() { if ( ! wp_theme_has_theme_json() ) { wp_enqueue_style( 'classic-theme-styles' ); } } /** * Enqueues the assets required for the Command Palette. * * @since 6.9.0 * * @global array $menu * @global array $submenu */ function wp_enqueue_command_palette_assets() { global $menu, $submenu; $command_palette_settings = array( 'is_network_admin' => is_network_admin(), ); if ( $menu ) { $menu_commands = array(); foreach ( $menu as $menu_item ) { if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $menu_label = $menu_item[0]; while ( preg_match( '/<[^>]*>/', $menu_label ) ) { $menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label ); } $menu_label = trim( $menu_label ); $menu_url = ''; $menu_slug = $menu_item[2]; if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) { $menu_url = $menu_slug; } elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) { $menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $menu_url ) { $menu_commands[] = array( 'label' => $menu_label, 'url' => $menu_url, 'name' => $menu_slug, ); } if ( array_key_exists( $menu_slug, $submenu ) ) { foreach ( $submenu[ $menu_slug ] as $submenu_item ) { if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) { continue; } // Remove all HTML tags and their contents. $submenu_label = $submenu_item[0]; while ( preg_match( '/<[^>]*>/', $submenu_label ) ) { $submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label ); } $submenu_label = trim( $submenu_label ); $submenu_url = ''; $submenu_slug = $submenu_item[2]; if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) { $submenu_url = $submenu_slug; } elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) { $submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( $submenu_url ) { $menu_commands[] = array( 'label' => sprintf( /* translators: 1: Menu label, 2: Submenu label. */ __( '%1$s > %2$s' ), $menu_label, $submenu_label ), 'url' => $submenu_url, 'name' => $menu_slug . '-' . $submenu_item[2], ); } } } } $command_palette_settings['menu_commands'] = $menu_commands; } wp_enqueue_script( 'wp-commands' ); wp_enqueue_style( 'wp-commands' ); wp_enqueue_script( 'wp-core-commands' ); wp_add_inline_script( 'wp-core-commands', sprintf( 'wp.coreCommands.initializeCommandPalette( %s );', wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); } /** * Removes leading and trailing _empty_ script tags. * * This is a helper meant to be used for literal script tag construction * within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`. * It removes the literal values of "<script>" and "</script>" from * around an inline script after trimming whitespace. Typically this * is used in conjunction with output buffering, where `ob_get_clean()` * is passed as the `$contents` argument. * * Example: * * // Strips exact literal empty SCRIPT tags. * $js = '<script>sayHello();</script>; * 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js ); * * // Otherwise if anything is different it warns in the JS console. * $js = '<script type="text/javascript">console.log( "hi" );</script>'; * 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js ); * * @since 6.4.0 * @access private * * @see wp_print_inline_script_tag() * @see wp_get_inline_script_tag() * * @param string $contents Script body with manually created SCRIPT tag literals. * @return string Script body without surrounding script tag literals, or * original contents if both exact literals aren't present. */ function wp_remove_surrounding_empty_script_tags( $contents ) { $contents = trim( $contents ); $opener = '<SCRIPT>'; $closer = '</SCRIPT>'; if ( strlen( $contents ) > strlen( $opener ) + strlen( $closer ) && strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener && strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer ) { return substr( $contents, strlen( $opener ), -strlen( $closer ) ); } else { $error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' ); _doing_it_wrong( __FUNCTION__, $error_message, '6.4' ); return sprintf( 'console.error(%s)', wp_json_encode( sprintf( /* translators: %s: wp_remove_surrounding_empty_script_tags() */ __( 'Function %s used incorrectly in PHP.' ), 'wp_remove_surrounding_empty_script_tags()' ) . ' ' . $error_message ) ); } } /** * Adds hooks to load block styles on demand in classic themes. * * @since 6.9.0 * * @see _add_default_theme_supports() */ function wp_load_classic_theme_block_styles_on_demand() { // This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports(). if ( wp_is_block_theme() ) { return; } /* * Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any * `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which * wish to stream responses can more easily turn this off. */ add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 ); // If a site has opted out of the template enhancement output buffer, then bail. if ( ! wp_should_output_buffer_template_for_enhancement() ) { return; } // The following two filters are added by default for block themes in _add_default_theme_supports(). /* * Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so * that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for * this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading * separate block styles, then abort. */ add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 ); if ( ! wp_should_load_separate_core_block_assets() ) { return; } /* * Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets). * As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site * has explicitly opted out of loading block styles on demand, then abort. */ add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 ); if ( ! wp_should_load_block_assets_on_demand() ) { return; } // Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early. add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' ); } /** * Adds the hooks needed for CSS output to be delayed until after the content of the page has been established. * * @since 6.9.0 * * @see wp_load_classic_theme_block_styles_on_demand() * @see _wp_footer_scripts() */ function wp_hoist_late_printed_styles() { // Skip the embed template on-demand styles aren't relevant, and there is no wp_head action. if ( is_embed() ) { return; } // Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting. $style_handles_at_enqueue_block_assets = array(); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = wp_styles()->queue; }, PHP_INT_MIN ); add_action( 'enqueue_block_assets', static function () use ( &$style_handles_at_enqueue_block_assets ) { $style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) ); }, PHP_INT_MAX ); /* * Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles * can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement * output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at * `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present. */ $placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) ); add_action( 'wp_print_styles', static function () use ( $placeholder ) { wp_add_inline_style( 'wp-block-library', $placeholder ); } ); /* * Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print * the styles, but it captures what would be printed for block styles and non-block styles so that they can be * later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts` * before `print_footer_scripts()` is called. */ $printed_core_block_styles = ''; $printed_other_block_styles = ''; $printed_global_styles = ''; $printed_late_styles = ''; $capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Gather the styles related to on-demand block enqueues. $all_core_block_style_handles = array(); $all_other_block_style_handles = array(); foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) { if ( str_starts_with( $block_type->name, 'core/' ) ) { foreach ( $block_type->style_handles as $style_handle ) { $all_core_block_style_handles[] = $style_handle; } } else { foreach ( $block_type->style_handles as $style_handle ) { $all_other_block_style_handles[] = $style_handle; } } } /* * First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet * to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`. */ $enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_core_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_core_block_styles ); $printed_core_block_styles = ob_get_clean(); } // Non-core block styles get printed after the classic-theme-styles stylesheet. $enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) ); if ( count( $enqueued_other_block_styles ) > 0 ) { ob_start(); wp_styles()->do_items( $enqueued_other_block_styles ); $printed_other_block_styles = ob_get_clean(); } // Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets. if ( wp_style_is( 'global-styles' ) ) { ob_start(); wp_styles()->do_items( array( 'global-styles' ) ); $printed_global_styles = ob_get_clean(); } /* * Print all remaining styles not related to blocks. This contains a subset of the logic from * `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether * late styles are printed (since they are being hoisted anyway). */ ob_start(); wp_styles()->do_footer_items(); $printed_late_styles = ob_get_clean(); }; /* * If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()` * was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the * late-printed styles. * * Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then * swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before * proceeding with printing the footer scripts. */ $wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' ); if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) { // The normal priority for wp_print_footer_scripts() is to run at 20. add_action( 'wp_footer', $capture_late_styles, 20 ); } else { remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority ); add_action( 'wp_print_footer_scripts', static function () use ( $capture_late_styles ) { $capture_late_styles(); print_footer_scripts(); }, $wp_print_footer_scripts_priority ); } // Replace placeholder with the captured late styles. add_filter( 'wp_template_enhancement_output_buffer', static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) { // Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans. $processor = new class( $buffer ) extends WP_HTML_Tag_Processor { /** * Gets the span for the current token. * * @return WP_HTML_Span Current token span. */ private function get_span(): WP_HTML_Span { // Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true. $this->set_bookmark( 'here' ); return $this->bookmarks['here']; } /** * Inserts text before the current token. * * @param string $text Text to insert. */ public function insert_before( string $text ) { $this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text ); } /** * Inserts text after the current token. * * @param string $text Text to insert. */ public function insert_after( string $text ) { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text ); } /** * Removes the current token. */ public function remove() { $span = $this->get_span(); $this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' ); } }; // Locate the insertion points in the HEAD. while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) { if ( 'STYLE' === $processor->get_tag() && 'wp-block-library-inline-css' === $processor->get_attribute( 'id' ) ) { $processor->set_bookmark( 'wp_block_library' ); } elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) { $processor->set_bookmark( 'head_end' ); break; } elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) { $id = $processor->get_attribute( 'id' ); $handle = null; if ( 'STYLE' === $processor->get_tag() ) { if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) { $handle = $matches[1]; } } elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) { $handle = $matches[1]; } if ( 'classic-theme-styles' === $handle ) { $processor->set_bookmark( 'classic_theme_styles' ); } if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) { if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) { $processor->set_bookmark( 'first_style_at_enqueue_block_assets' ); } $processor->set_bookmark( 'last_style_at_enqueue_block_assets' ); } } } /* * Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will * always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks * are rendered. This means that there may not actually be any block styles to hoist from the footer to * insert after this inline style. The placeholder CSS comment needs to be added so that the inline style * gets printed, but if the resulting inline style is empty after the placeholder is removed, then the * inline style is removed. */ if ( $processor->has_bookmark( 'wp_block_library' ) ) { $processor->seek( 'wp_block_library' ); $css_text = $processor->get_modifiable_text(); /* * A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to * be printed. Now that we've located the inline style, the placeholder comment can be removed. If * there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL * comment), then remove the STYLE entirely. */ $css_text = str_replace( $placeholder, '', $css_text ); if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) { $processor->remove(); } else { $processor->set_modifiable_text( $css_text ); } $inserted_after = $printed_core_block_styles; $printed_core_block_styles = ''; // If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here. if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) { if ( '' !== $printed_other_block_styles ) { $inserted_after .= $printed_other_block_styles; } $printed_other_block_styles = ''; // If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here. if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { if ( '' !== $printed_global_styles ) { $inserted_after .= $printed_global_styles; } $printed_global_styles = ''; } } if ( '' !== $inserted_after ) { $processor->insert_after( "\n" . $inserted_after ); } } // Insert global-styles after the styles enqueued at enqueue_block_assets. if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) { $processor->seek( 'last_style_at_enqueue_block_assets' ); $processor->insert_after( "\n" . $printed_global_styles ); $printed_global_styles = ''; if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) { $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } } // Insert third-party block styles right after the classic-theme-styles. if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) { $processor->seek( 'classic_theme_styles' ); $processor->insert_after( "\n" . $printed_other_block_styles ); $printed_other_block_styles = ''; } // Print all remaining styles. $remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles; if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) { $processor->seek( 'head_end' ); $processor->insert_before( $remaining_styles . "\n" ); } return $processor->get_updated_html(); } ); } /** * Return the corresponding JavaScript `dataset` name for an attribute * if it represents a custom data attribute, or `null` if not. * * Custom data attributes appear in an element's `dataset` property in a * browser, but there's a specific way the names are translated from HTML * into JavaScript. This function indicates how the name would appear in * JavaScript if a browser would recognize it as a custom data attribute. * * Example: * * // Dash-letter pairs turn into capital letters. * 'postId' === wp_js_dataset_name( 'data-post-id' ); * 'Before' === wp_js_dataset_name( 'data--before' ); * '-One--Two---' === wp_js_dataset_name( 'data---one---two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_js_dataset_name( 'post-id' ); * null === wp_js_dataset_name( 'data' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * '' === wp_js_dataset_name( 'data-' ); * 0 === strlen( wp_js_dataset_name( 'data-' ) ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_html_custom_data_attribute_name() * * @param string $html_attribute_name Raw attribute name as found in the source HTML. * @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`. */ function wp_js_dataset_name( string $html_attribute_name ): ?string { if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) { return null; } $end = strlen( $html_attribute_name ); /* * If it contains characters which would end the attribute name parsing then * something else is wrong and this contains more than just an attribute name. */ if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) { return null; } /** * > For each name in list, for each U+002D HYPHEN-MINUS character (-) * > in the name that is followed by an ASCII lower alpha, remove the * > U+002D HYPHEN-MINUS character (-) and replace the character that * > followed it by the same character converted to ASCII uppercase. * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs */ $custom_name = ''; $at = 5; $was_at = $at; while ( $at < $end ) { $next_dash_at = strpos( $html_attribute_name, '-', $at ); if ( false === $next_dash_at || $next_dash_at === $end - 1 ) { break; } // Transform `-a` to `A`, for example. $c = $html_attribute_name[ $next_dash_at + 1 ]; if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) { $prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at ); $custom_name .= strtolower( $prefix ); $custom_name .= strtoupper( $c ); $at = $next_dash_at + 2; $was_at = $at; continue; } $at = $next_dash_at + 1; } // If nothing has been added it means there are no dash-letter pairs; return the name as-is. return '' === $custom_name ? strtolower( substr( $html_attribute_name, 5 ) ) : ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) ); } /** * Returns a corresponding HTML attribute name for the given name, * if that name were found in a JS element’s `dataset` property. * * Example: * * 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' ); * 'data--before' === wp_html_custom_data_attribute_name( 'Before' ); * 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' ); * * // Not every attribute name will be interpreted as a custom data attribute. * null === wp_html_custom_data_attribute_name( '/not-an-attribute/' ); * null === wp_html_custom_data_attribute_name( 'no spaces' ); * * // Some very surprising names will; for example, a property whose name is the empty string. * 'data-' === wp_html_custom_data_attribute_name( '' ); * * @since 6.9.0 * * @see https://html.spec.whatwg.org/#concept-domstringmap-pairs * @see \wp_js_dataset_name() * * @param string $js_dataset_name Name of JS `dataset` property to transform. * @return string|null Corresponding name of an HTML custom data attribute for the given dataset name, * if possible to represent in HTML, otherwise `null`. */ function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string { $end = strlen( $js_dataset_name ); if ( 0 === $end ) { return 'data-'; } /* * If it contains characters which would end the attribute name parsing then * something it’s not possible to represent this in HTML. */ if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) { return null; } $html_name = 'data-'; $at = 0; $was_at = $at; while ( $at < $end ) { $next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at ); $next_upper_at = $at + $next_upper_after; if ( $next_upper_at >= $end ) { break; } $prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at ); $html_name .= strtolower( $prefix ); $html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] ); $at = $next_upper_at + 1; $was_at = $at; } if ( $was_at < $end ) { $html_name .= strtolower( substr( $js_dataset_name, $was_at ) ); } return $html_name; } HTTP/https-detection-20260605141018-20260607120417.php 0000666 00000013341 15226703613 0014131 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606103247-20260606142732.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/default-widgets-20260605084036.php 0000666 00000004367 15226703613 0012536 0 ustar 00 <?php /** * Widget API: Default core widgets * * @package WordPress * @subpackage Widgets * @since 2.8.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** WP_Widget_Pages class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-pages.php'; /** WP_Widget_Links class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-links.php'; /** WP_Widget_Search class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-search.php'; /** WP_Widget_Archives class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-archives.php'; /** WP_Widget_Media class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media.php'; /** WP_Widget_Media_Audio class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-audio.php'; /** WP_Widget_Media_Image class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-image.php'; /** WP_Widget_Media_Video class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-video.php'; /** WP_Widget_Media_Gallery class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-gallery.php'; /** WP_Widget_Meta class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-meta.php'; /** WP_Widget_Calendar class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-calendar.php'; /** WP_Widget_Text class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-text.php'; /** WP_Widget_Categories class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-categories.php'; /** WP_Widget_Recent_Posts class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-recent-posts.php'; /** WP_Widget_Recent_Comments class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-recent-comments.php'; /** WP_Widget_RSS class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-rss.php'; /** WP_Widget_Tag_Cloud class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-tag-cloud.php'; /** WP_Nav_Menu_Widget class */ require_once ABSPATH . WPINC . '/widgets/class-wp-nav-menu-widget.php'; /** WP_Widget_Custom_HTML class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-custom-html.php'; /** WP_Widget_Block class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-block.php'; HTTP/https-migration-20260605101413-20260608172533.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607133407-20260610191518.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074002.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183410.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605171026-20260609122416.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Parser-20260605065516.php 0000666 00000035551 15226703613 0010703 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response Parser * @template Psr7Compatible of bool */ class Parser { /** * HTTP Version * * @var float */ public $http_version = 0.0; /** * Status code * * @var int */ public $status_code = 0; /** * Reason phrase * * @var string */ public $reason = ''; /** * @var Psr7Compatible whether headers are compatible with PSR-7 format. */ private $psr7Compatible; /** * Key/value pairs of the headers * * @var (Psr7Compatible is true ? array<string, non-empty-array<string>> : array<string, string>) */ public $headers = []; /** * Body of the response * * @var string */ public $body = ''; private const STATE_HTTP_VERSION = 'http_version'; private const STATE_STATUS = 'status'; private const STATE_REASON = 'reason'; private const STATE_NEW_LINE = 'new_line'; private const STATE_BODY = 'body'; private const STATE_NAME = 'name'; private const STATE_VALUE = 'value'; private const STATE_VALUE_CHAR = 'value_char'; private const STATE_QUOTE = 'quote'; private const STATE_QUOTE_ESCAPED = 'quote_escaped'; private const STATE_QUOTE_CHAR = 'quote_char'; private const STATE_CHUNKED = 'chunked'; private const STATE_EMIT = 'emit'; private const STATE_ERROR = false; /** * Current state of the state machine * * @var self::STATE_* */ protected $state = self::STATE_HTTP_VERSION; /** * Input data * * @var string */ protected $data = ''; /** * Input data length (to avoid calling strlen() everytime this is needed) * * @var int */ protected $data_length = 0; /** * Current position of the pointer * * @var int */ protected $position = 0; /** * Name of the header currently being parsed * * @var string */ protected $name = ''; /** * Value of the header currently being parsed * * @var string */ protected $value = ''; /** * Create an instance of the class with the input data * * @param string $data Input data * @param Psr7Compatible $psr7Compatible Whether the data types are in format compatible with PSR-7. */ public function __construct(string $data, bool $psr7Compatible = false) { $this->data = $data; $this->data_length = strlen($this->data); $this->psr7Compatible = $psr7Compatible; } /** * Parse the input data * * @return bool true on success, false on failure */ public function parse() { while ($this->state && $this->state !== self::STATE_EMIT && $this->has_data()) { $state = $this->state; $this->$state(); } $this->data = ''; if ($this->state === self::STATE_EMIT || $this->state === self::STATE_BODY) { return true; } // Reset the parser state. $this->http_version = 0.0; $this->status_code = 0; $this->reason = ''; $this->headers = []; $this->body = ''; return false; } /** * Check whether there is data beyond the pointer * * @return bool true if there is further data, false if not */ protected function has_data() { return (bool) ($this->position < $this->data_length); } /** * See if the next character is LWS * * @return bool true if the next character is LWS, false if not */ protected function is_linear_whitespace() { return (bool) ($this->data[$this->position] === "\x09" || $this->data[$this->position] === "\x20" || ($this->data[$this->position] === "\x0A" && isset($this->data[$this->position + 1]) && ($this->data[$this->position + 1] === "\x09" || $this->data[$this->position + 1] === "\x20"))); } /** * Parse the HTTP version * @return void */ protected function http_version() { if (strpos($this->data, "\x0A") !== false && strtoupper(substr($this->data, 0, 5)) === 'HTTP/') { $len = strspn($this->data, '0123456789.', 5); $http_version = substr($this->data, 5, $len); $this->position += 5 + $len; if (substr_count($http_version, '.') <= 1) { $this->http_version = (float) $http_version; $this->position += strspn($this->data, "\x09\x20", $this->position); $this->state = self::STATE_STATUS; } else { $this->state = self::STATE_ERROR; } } else { $this->state = self::STATE_ERROR; } } /** * Parse the status code * @return void */ protected function status() { if ($len = strspn($this->data, '0123456789', $this->position)) { $this->status_code = (int) substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_REASON; } else { $this->state = self::STATE_ERROR; } } /** * Parse the reason phrase * @return void */ protected function reason() { $len = strcspn($this->data, "\x0A", $this->position); $this->reason = trim(substr($this->data, $this->position, $len), "\x09\x0D\x20"); $this->position += $len + 1; $this->state = self::STATE_NEW_LINE; } private function add_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name][] = $value; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] .= ', ' . $value; } } private function replace_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name] = [$value]; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] = $value; } } /** * Deal with a new line, shifting data around as needed * @return void */ protected function new_line() { $this->value = trim($this->value, "\x0D\x20"); if ($this->name !== '' && $this->value !== '') { $this->name = strtolower($this->name); // We should only use the last Content-Type header. c.f. issue #1 if (isset($this->headers[$this->name]) && $this->name !== 'content-type') { $this->add_header($this->name, $this->value); } else { $this->replace_header($this->name, $this->value); } } $this->name = ''; $this->value = ''; if (substr($this->data[$this->position], 0, 2) === "\x0D\x0A") { $this->position += 2; $this->state = self::STATE_BODY; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; $this->state = self::STATE_BODY; } else { $this->state = self::STATE_NAME; } } /** * Parse a header name * @return void */ protected function name() { $len = strcspn($this->data, "\x0A:", $this->position); if (isset($this->data[$this->position + $len])) { if ($this->data[$this->position + $len] === "\x0A") { $this->position += $len; $this->state = self::STATE_NEW_LINE; } else { $this->name = substr($this->data, $this->position, $len); $this->position += $len + 1; $this->state = self::STATE_VALUE; } } else { $this->state = self::STATE_ERROR; } } /** * Parse LWS, replacing consecutive LWS characters with a single space * @return void */ protected function linear_whitespace() { do { if (substr($this->data, $this->position, 2) === "\x0D\x0A") { $this->position += 2; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; } $this->position += strspn($this->data, "\x09\x20", $this->position); } while ($this->has_data() && $this->is_linear_whitespace()); $this->value .= "\x20"; } /** * See what state to move to while within non-quoted header values * @return void */ protected function value() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': // Workaround for ETags: we have to include the quotes as // part of the tag. if (strtolower($this->name) === 'etag') { $this->value .= '"'; $this->position++; $this->state = self::STATE_VALUE_CHAR; break; } $this->position++; $this->state = self::STATE_QUOTE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; default: $this->state = self::STATE_VALUE_CHAR; break; } } } /** * Parse a header value while outside quotes * @return void */ protected function value_char() { $len = strcspn($this->data, "\x09\x20\x0A\"", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * See what state to move to while within quoted header values * @return void */ protected function quote() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': $this->position++; $this->state = self::STATE_VALUE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; case '\\': $this->position++; $this->state = self::STATE_QUOTE_ESCAPED; break; default: $this->state = self::STATE_QUOTE_CHAR; break; } } } /** * Parse a header value while within quotes * @return void */ protected function quote_char() { $len = strcspn($this->data, "\x09\x20\x0A\"\\", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * Parse an escaped character within quotes * @return void */ protected function quote_escaped() { $this->value .= $this->data[$this->position]; $this->position++; $this->state = self::STATE_QUOTE; } /** * Parse the body * @return void */ protected function body() { $this->body = substr($this->data, $this->position); if (!empty($this->headers['transfer-encoding'])) { unset($this->headers['transfer-encoding']); $this->state = self::STATE_CHUNKED; } else { $this->state = self::STATE_EMIT; } } /** * Parsed a "Transfer-Encoding: chunked" body * @return void */ protected function chunked() { if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($this->body))) { $this->state = self::STATE_EMIT; return; } $decoded = ''; $encoded = $this->body; while (true) { $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); if (!$is_chunked) { // Looks like it's not chunked after all $this->state = self::STATE_EMIT; return; } $length = hexdec(trim($matches[1])); // For PHPStan: this will only be float when larger than PHP_INT_MAX. // But even on 32-bit systems, it would mean 2GiB chunk, which sounds unlikely. \assert(\is_int($length), "Length needs to be shorter than PHP_INT_MAX"); if ($length === 0) { // Ignore trailer headers $this->state = self::STATE_EMIT; $this->body = $decoded; return; } $chunk_length = strlen($matches[0]); $decoded .= substr($encoded, $chunk_length, $length); $encoded = substr($encoded, $chunk_length + $length + 2); // BC for PHP < 8.0: substr() can return bool instead of string $encoded = ($encoded === false) ? '' : $encoded; if (trim($encoded) === '0' || empty($encoded)) { $this->state = self::STATE_EMIT; $this->body = $decoded; return; } } } /** * Prepare headers (take care of proxies headers) * * @param string $headers Raw headers * @param non-negative-int $count Redirection count. Default to 1. * * @return string */ public static function prepareHeaders(string $headers, int $count = 1) { $data = explode("\r\n\r\n", $headers, $count); $data = array_pop($data); if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } return $data; } } class_alias('SimplePie\HTTP\Parser', 'SimplePie_HTTP_Parser'); HTTP/https-migration-20260606094733-20260607185231.php 0000666 00000011205 15226703613 0014162 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-script-modules-20260605085734.php 0000666 00000100225 15226703613 0014143 0 ustar 00 <?php /** * Script Modules API: WP_Script_Modules class. * * Native support for ES Modules and Import Maps. * * @package WordPress * @subpackage Script Modules */ /** * Core class used to register script modules. * * @since 6.5.0 */ class WP_Script_Modules { /** * Holds the registered script modules, keyed by script module identifier. * * @since 6.5.0 * @var array<string, array<string, mixed>> */ private $registered = array(); /** * An array of IDs for queued script modules. * * @since 6.9.0 * @var string[] */ private $queue = array(); /** * Holds the script module identifiers that have been printed. * * @since 6.9.0 * @var string[] */ private $done = array(); /** * Tracks whether the @wordpress/a11y script module is available. * * Some additional HTML is required on the page for the module to work. Track * whether it's available to print at the appropriate time. * * @since 6.7.0 * @var bool */ private $a11y_available = false; /** * Holds a mapping of dependents (as IDs) for a given script ID. * Used to optimize recursive dependency tree checks. * * @since 6.9.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds the valid values for fetchpriority. * * @since 6.9.0 * @var string[] */ private $priorities = array( 'low', 'auto', 'high', ); /** * List of IDs for script modules encountered which have missing dependencies. * * An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is * emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur. * * @since 6.9.1 * @var string[] */ private $modules_with_missing_dependencies = array(); /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! isset( $this->registered[ $id ] ) ) { $dependencies = array(); foreach ( $deps as $dependency ) { if ( is_array( $dependency ) ) { if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) { _doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' ); continue; } $dependencies[] = array( 'id' => $dependency['id'], 'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static', ); } elseif ( is_string( $dependency ) ) { $dependencies[] = array( 'id' => $dependency, 'import' => 'static', ); } else { _doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' ); } } $in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer']; $fetchpriority = 'auto'; if ( isset( $args['fetchpriority'] ) ) { if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) { $fetchpriority = $args['fetchpriority']; } else { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $id */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ), $id ), '6.9.0' ); } } $this->registered[ $id ] = array( 'src' => $src, 'version' => $version, 'dependencies' => $dependencies, 'in_footer' => $in_footer, 'fetchpriority' => $fetchpriority, ); } } /** * Gets IDs for queued script modules. * * @since 6.9.0 * * @return string[] Script module IDs. */ public function get_queue(): array { return $this->queue; } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, $this->priorities, true ); } /** * Sets the fetch priority for a script module. * * @since 6.9.0 * * @param string $id Script module identifier. * @param 'auto'|'low'|'high' $priority Fetch priority for the script module. * @return bool Whether setting the fetchpriority was successful. */ public function set_fetchpriority( string $id, string $priority ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } if ( '' === $priority ) { $priority = 'auto'; } if ( ! $this->is_valid_fetchpriority( $priority ) ) { _doing_it_wrong( __METHOD__, /* translators: %s: Invalid fetchpriority. */ sprintf( __( 'Invalid fetchpriority: %s' ), $priority ), '6.9.0' ); return false; } $this->registered[ $id ]['fetchpriority'] = $priority; return true; } /** * Sets whether a script module should be printed in the footer. * * This is only relevant in block themes. * * @since 6.9.0 * * @param string $id Script module identifier. * @param bool $in_footer Whether to print in the footer. * @return bool Whether setting the printing location was successful. */ public function set_in_footer( string $id, bool $in_footer ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } $this->registered[ $id ]['in_footer'] = $in_footer; return true; } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! in_array( $id, $this->queue, true ) ) { $this->queue[] = $id; } if ( ! isset( $this->registered[ $id ] ) && $src ) { $this->register( $id, $src, $deps, $version, $args ); } } /** * Unmarks the script module so it will no longer be enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function dequeue( string $id ) { $this->queue = array_values( array_diff( $this->queue, array( $id ) ) ); } /** * Removes a registered script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function deregister( string $id ) { $this->dequeue( $id ); unset( $this->registered[ $id ] ); } /** * Adds the hooks to print the import map, enqueued script modules and script * module preloads. * * In classic themes, the script modules used by the blocks are not yet known * when the `wp_head` actions is fired, so it needs to print everything in the * footer. * * @since 6.5.0 */ public function add_hooks() { $is_block_theme = wp_is_block_theme(); $position = $is_block_theme ? 'wp_head' : 'wp_footer'; add_action( $position, array( $this, 'print_import_map' ) ); if ( $is_block_theme ) { /* * Modules can only be printed in the head for block themes because only with * block themes will import map be fully populated by modules discovered by * rendering the block template. In classic themes, modules are enqueued during * template rendering, thus the import map must be printed in the footer, * followed by all enqueued modules. */ add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) ); } add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) ); add_action( $position, array( $this, 'print_script_module_preloads' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) ); add_action( 'wp_footer', array( $this, 'print_script_module_data' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) ); add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 ); add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 ); } /** * Gets the highest fetch priority for the provided script IDs. * * @since 6.9.0 * * @param string[] $ids Script module IDs. * @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs. */ private function get_highest_fetchpriority( array $ids ): string { static $high_priority_index = null; if ( null === $high_priority_index ) { $high_priority_index = count( $this->priorities ) - 1; } $highest_priority_index = 0; foreach ( $ids as $id ) { if ( isset( $this->registered[ $id ] ) ) { $highest_priority_index = (int) max( $highest_priority_index, (int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true ) ); if ( $high_priority_index === $highest_priority_index ) { break; } } } return $this->priorities[ $highest_priority_index ]; } /** * Prints the enqueued script modules in head. * * This is only used in block themes. * * @since 6.9.0 */ public function print_head_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { if ( isset( $this->registered[ $id ] ) && ! $this->registered[ $id ]['in_footer'] ) { // If any dependency is set to be printed in footer, skip printing this module in head. $dependencies = array_keys( $this->get_dependencies( array( $id ) ) ); foreach ( $dependencies as $dependency_id ) { if ( in_array( $dependency_id, $this->queue, true ) && isset( $this->registered[ $dependency_id ] ) && $this->registered[ $dependency_id ]['in_footer'] ) { continue 2; } } $this->print_script_module( $id ); } } } /** * Prints the enqueued script modules in footer. * * @since 6.5.0 */ public function print_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { $this->print_script_module( $id ); } } /** * Prints the enqueued script module using script tags with type="module" * attributes. * * @since 6.9.0 * * @param string $id The script module identifier. */ private function print_script_module( string $id ) { if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) { return; } $this->done[] = $id; $src = $this->get_src( $id ); if ( '' === $src ) { return; } $attributes = array( 'type' => 'module', 'src' => $src, 'id' => $id . '-js-module', ); $script_module = $this->registered[ $id ]; $queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) ); $fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) ); if ( 'auto' !== $fetchpriority ) { $attributes['fetchpriority'] = $fetchpriority; } if ( $fetchpriority !== $script_module['fetchpriority'] ) { $attributes['data-wp-fetchpriority'] = $script_module['fetchpriority']; } wp_print_script_tag( $attributes ); } /** * Prints the static dependencies of the enqueued script modules using * link tags with rel="modulepreload" attributes. * * If a script module is marked for enqueue, it will not be preloaded. * * @since 6.5.0 */ public function print_script_module_preloads() { $dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) ); foreach ( $dependency_ids as $id ) { // Don't preload if it's marked for enqueue. if ( in_array( $id, $this->queue, true ) ) { continue; } $src = $this->get_src( $id ); if ( '' === $src ) { continue; } $enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue ); $highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents ); printf( '<link rel="modulepreload" href="%s" id="%s"', esc_url( $src ), esc_attr( $id . '-js-modulepreload' ) ); if ( 'auto' !== $highest_fetchpriority ) { printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) ); } if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) { printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) ); } echo ">\n"; } } /** * Prints the import map using a script tag with a type="importmap" attribute. * * @since 6.5.0 */ public function print_import_map() { $import_map = $this->get_import_map(); if ( ! empty( $import_map['imports'] ) ) { wp_print_inline_script_tag( (string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), array( 'type' => 'importmap', 'id' => 'wp-importmap', ) ); } } /** * Returns the import map array. * * @since 6.5.0 * * @return array Array with an `imports` key mapping to an array of script module identifiers and their respective * URLs, including the version query. */ private function get_import_map(): array { $imports = array(); foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) { $src = $this->get_src( $id ); if ( '' !== $src ) { $imports[ $id ] = $src; } } return array( 'imports' => $imports ); } /** * Retrieves the list of script modules marked for enqueue. * * Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the * Reflection API. The ecosystem should rather use {@see self::get_queue()}. * * @since 6.5.0 * * @return array<string, array> Script modules marked for enqueue, keyed by script module identifier. */ private function get_marked_for_enqueue(): array { return wp_array_slice_assoc( $this->registered, $this->queue ); } /** * Retrieves all the dependencies for the given script module identifiers, filtered by import types. * * It will consolidate an array containing a set of unique dependencies based * on the requested import types: 'static', 'dynamic', or both. This method is * recursive and also retrieves dependencies of the dependencies. * * @since 6.5.0 * * @param string[] $ids The identifiers of the script modules for which to gather dependencies. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return array<string, array> List of dependencies, keyed by script module identifier. */ private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $all_dependencies = array(); $id_queue = $ids; while ( ! empty( $id_queue ) ) { $id = array_shift( $id_queue ); if ( ! isset( $this->registered[ $id ] ) ) { continue; } foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( ! isset( $all_dependencies[ $dependency['id'] ] ) && in_array( $dependency['import'], $import_types, true ) && isset( $this->registered[ $dependency['id'] ] ) ) { $all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ]; // Add this dependency to the list to get dependencies for. $id_queue[] = $dependency['id']; } } } return $all_dependencies; } /** * Gets all dependents of a script module. * * This is not recursive. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_dependents( string $id ): array { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $id ] ) ) { return $this->dependents_map[ $id ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_id => $args ) { if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) { $dependents[] = $registered_id; } } // Add the module's dependents to the map to ease future lookups. $this->dependents_map[ $id ] = $dependents; return $dependents; } /** * Gets all recursive dependents of a script module. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_recursive_dependents( string $id ): array { $dependents = array(); $id_queue = array( $id ); $processed = array(); while ( ! empty( $id_queue ) ) { $current_id = array_shift( $id_queue ); // Skip unregistered or already-processed script modules. if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) { continue; } // Mark as processed to guard against infinite loops from circular dependencies. $processed[ $current_id ] = true; // Find the direct dependents of the current script. foreach ( $this->get_dependents( $current_id ) as $dependent_id ) { // Only add the dependent if we haven't found it before. if ( ! isset( $dependents[ $dependent_id ] ) ) { $dependents[ $dependent_id ] = true; // Add dependency to the queue. $id_queue[] = $dependent_id; } } } return array_keys( $dependents ); } /** * Sorts the given script module identifiers based on their dependencies. * * It will return a list of script module identifiers sorted in the order * they should be printed, so that dependencies are printed before the script * modules that depend on them. * * @since 6.9.0 * * @param string[] $ids The identifiers of the script modules to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return string[] Sorted list of script module identifiers. */ private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $sorted = array(); foreach ( $ids as $id ) { $this->sort_item_dependencies( $id, $import_types, $sorted ); } return array_unique( $sorted ); } /** * Recursively sorts the dependencies for a single script module identifier. * * @since 6.9.0 * * @param string $id The identifier of the script module to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * @param string[] &$sorted The array of sorted identifiers, passed by reference. * @return bool True on success, false on failure (e.g., missing dependency). */ private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool { // If already processed, don't do it again. if ( in_array( $id, $sorted, true ) ) { return true; } // If the item doesn't exist, fail. if ( ! isset( $this->registered[ $id ] ) ) { return false; } $dependency_ids = array(); foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( in_array( $dependency['import'], $import_types, true ) ) { $dependency_ids[] = $dependency['id']; } } // If the item requires dependencies that do not exist, fail. $missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) ); if ( count( $missing_dependencies ) > 0 ) { if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) { _doing_it_wrong( get_class( $this ) . '::register', sprintf( /* translators: 1: Script module ID, 2: List of missing dependency IDs. */ __( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $id, implode( wp_get_list_item_separator(), $missing_dependencies ) ), '6.9.1' ); $this->modules_with_missing_dependencies[] = $id; } return false; } // Recursively process dependencies. foreach ( $dependency_ids as $dependency_id ) { if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) { // A dependency failed to resolve, so this branch fails. return false; } } // All dependencies are sorted, so we can now add the current item. $sorted[] = $id; return true; } /** * Gets the versioned URL for a script module src. * * If $version is set to false, the version number is the currently installed * WordPress version. If $version is set to null, no version is added. * Otherwise, the string passed in $version is used. * * @since 6.5.0 * * @param string $id The script module identifier. * @return string The script module src with a version if relevant. */ private function get_src( string $id ): string { if ( ! isset( $this->registered[ $id ] ) ) { return ''; } $script_module = $this->registered[ $id ]; $src = $script_module['src']; if ( '' !== $src ) { if ( false === $script_module['version'] ) { $src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src ); } elseif ( null !== $script_module['version'] ) { $src = add_query_arg( 'ver', $script_module['version'], $src ); } } /** * Filters the script module source. * * @since 6.5.0 * * @param string $src Module source URL. * @param string $id Module identifier. */ $src = apply_filters( 'script_module_loader_src', $src, $id ); if ( ! is_string( $src ) ) { $src = ''; } return $src; } /** * Print data associated with Script Modules. * * The data will be embedded in the page HTML and can be read by Script Modules on page load. * * @since 6.7.0 * * Data can be associated with a Script Module via the * {@see "script_module_data_{$module_id}"} filter. * * The data for a Script Module will be serialized as JSON in a script tag with an ID of the * form `wp-script-module-data-{$module_id}`. */ public function print_script_module_data(): void { $modules = array(); foreach ( array_unique( $this->queue ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $modules ) as $module_id ) { /** * Filters data associated with a given Script Module. * * Script Modules may require data that is required for initialization or is essential * to have immediately available on page load. These are suitable use cases for * this data. * * The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID * that the data is associated with. * * This is best suited to pass essential data that must be available to the module for * initialization or immediately on page load. It does not replace the REST API or * fetching data from the client. * * Example: * * add_filter( * 'script_module_data_MyScriptModuleID', * function ( array $data ): array { * $data['dataForClient'] = 'ok'; * return $data; * } * ); * * If the filter returns no data (an empty array), nothing will be embedded in the page. * * The data for a given Script Module, if provided, will be JSON serialized in a script * tag with an ID of the form `wp-script-module-data-{$module_id}`. * * The data can be read on the client with a pattern like this: * * Example: * * const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' ); * let data = {}; * if ( dataContainer ) { * try { * data = JSON.parse( dataContainer.textContent ); * } catch {} * } * // data.dataForClient === 'ok'; * initMyScriptModuleWithData( data ); * * @since 6.7.0 * * @param array $data The data associated with the Script Module. */ $data = apply_filters( "script_module_data_{$module_id}", array() ); if ( is_array( $data ) && array() !== $data ) { /* * This data will be printed as JSON inside a script tag like this: * <script type="application/json"></script> * * A script tag must be closed by a sequence beginning with `</`. It's impossible to * close a script tag without using `<`. We ensure that `<` is escaped and `/` can * remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`. * * - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E. * - JSON_UNESCAPED_SLASHES: Don't escape /. * * If the page will use UTF-8 encoding, it's safe to print unescaped unicode: * * - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`). * - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when * JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was * before PHP 7.1 without this constant. Available as of PHP 7.1.0. * * The JSON specification requires encoding in UTF-8, so if the generated HTML page * is not encoded in UTF-8 then it's not safe to include those literals. They must * be escaped to avoid encoding issues. * * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements. * @see https://www.php.net/manual/en/json.constants.php for details on these constants. * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing. */ $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS; if ( ! is_utf8_charset() ) { $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES; } wp_print_inline_script_tag( (string) wp_json_encode( $data, $json_encode_flags ), array( 'type' => 'application/json', 'id' => "wp-script-module-data-{$module_id}", ) ); } } } /** * @access private This is only intended to be called by the registered actions. * * @since 6.7.0 */ public function print_a11y_script_module_html() { if ( ! $this->a11y_available ) { return; } echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">' . '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>' . '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>' . '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>' . '</div>'; } } HTTP/https-detection-20260605023619.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605111908-20260607062219.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-processor-20260605094131.php 0000666 00000210507 15226703613 0014274 0 ustar 00 <?php /** * Efficiently scan through block structure in document without parsing * the entire block tree and all of its JSON attributes into memory. * * @package WordPress * @subpackage Blocks * @since 6.9.0 */ /** * Class for efficiently scanning through block structure in a document * without parsing the entire block tree and JSON attributes into memory. * * ## Overview * * This class is designed to help analyze and modify block structure in a * streaming fashion and to bridge the gap between parsed block trees and * the text representing them. * * Use-cases for this class include but are not limited to: * * - Counting block types in a document. * - Queuing stylesheets based on the presence of various block types. * - Modifying blocks of a given type, i.e. migrations, updates, and styling. * - Searching for content of specific kinds, e.g. checking for blocks * with certain theme support attributes, or block bindings. * - Adding CSS class names to the element wrapping a block’s inner blocks. * * > *Note!* If a fully-parsed block tree of a document is necessary, including * > all the parsed JSON attributes, nested blocks, and HTML, consider * > using {@see \parse_blocks()} instead which will parse the document * > in one swift pass. * * For typical usage, jump first to the methods {@see self::next_block()}, * {@see self::next_delimiter()}, or {@see self::next_token()}. * * ### Values * * As a lower-level interface than {@see parse_blocks()} this class follows * different performance-focused values: * * - Minimize allocations so that documents of any size may be processed * on a fixed or marginal amount of memory. * - Make hidden costs explicit so that calling code only has to pay the * performance penalty for features it needs. * - Operate with a streaming and re-entrant design to make it possible * to operate on chunks of a document and to resume after pausing. * * This means that some operations might appear more cumbersome than one * might expect. This design tradeoff opens up opportunity to wrap this in * a convenience class to add higher-level functionality. * * ## Concepts * * All text documents can be considered a block document containing a combination * of “freeform HTML” and explicit block structure. Block structure forms through * special HTML comments called _delimiters_ which include a block type and, * optionally, block attributes encoded as a JSON object payload. * * This processor is designed to scan through a block document from delimiter to * delimiter, tracking how the delimiters impact the structure of the document. * Spans of HTML appear between delimiters. If these spans exist at the top level * of the document, meaning there is no containing block around them, they are * considered freeform HTML content. If, however, they appear _inside_ block * structure they are interpreted as `innerHTML` for the containing block. * * ### Tokens and scanning * * As the processor scans through a document is reports information about the token * on which is pauses. Tokens represent spans of text in the input comprising block * delimiters and spans of HTML. * * - {@see self::next_token()} visits every contiguous subspan of text in the * input document. This includes all explicit block comment delimiters and spans * of HTML content (whether freeform or inner HTML). * - {@see self::next_delimiter()} visits every explicit block comment delimiter * unless passed a block type which covers freeform HTML content. In these cases * it will stop at top-level spans of HTML and report a `null` block type. * - {@see self::next_block()} visits every block delimiter which _opens_ a block. * This includes opening block delimiters as well as void block delimiters. With * the same exception as above for freeform HTML block types, this will visit * top-level spans of HTML content. * * When matched on a particular token, the following methods provide structural * and textual information about it: * * - {@see self::get_delimiter_type()} reports whether the delimiter is an opener, * a closer, or if it represents a whole void block. * - {@see self::get_block_type()} reports the fully-qualified block type which * the delimiter represents. * - {@see self::get_printable_block_type()} reports the fully-qualified block type, * but returns `core/freeform` instead of `null` for top-level freeform HTML content. * - {@see self::is_block_type()} indicates if the delimiter represents a block of * the given block type, or wildcard or pseudo-block type described below. * - {@see self::opens_block()} indicates if the delimiter opens a block of one * of the provided block types. Opening, void, and top-level freeform HTML content * all open blocks. * - {@see static::get_attributes()} is currently reserved for a future streaming * JSON parser class. * - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes * for delimiters which open blocks and return the fully-parsed attributes as an * associative array. {@see static::get_last_json_error()} for when this fails. * - {@see self::is_html()} indicates if the token is a span of HTML which might * be top-level freeform content or a block’s inner HTML. * - {@see self::get_html_content()} returns the span of HTML. * - {@see self::get_span()} for the byte offset and length into the input document * representing the token. * * It’s possible for the processor to fail to scan forward if the input document ends * in a proper prefix of an explicit block comment delimiter. For example, if the input * ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser * cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()} * to distinguish between a failure to find the next token and an incomplete input. * * ### Block types * * A block’s “type” comprises an optional _namespace_ and _name_. If the namespace * isn’t provided it will be interpreted as the implicit `core` namespace. For example, * the type `gallery` is the name of the block in the `core` namespace, but the type * `abc/gallery` is the _fully-qualified_ block type for the block whose name is still * `gallery`, but in the `abc` namespace. * * Methods on this class are aware of this block naming semantic and anywhere a block * type is an argument to a method it will be normalized to account for implicit namespaces. * Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere * this class returns a block type, it will return the fully-qualified and normalized form. * For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the * block type. * * There are two special block types that change the behavior of the processor: * * - The wildcard `*` represents _any block_. In addition to matching all block types, * it also represents top-level freeform HTML whose block type is reported as `null`. * * - The `core/freeform` block type is a pseudo-block type which explicitly matches * top-level freeform HTML. * * These special block types can be passed into any method which searches for blocks. * * There is one additional special block type which may be returned from * {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which * indicates that the HTML span on which the processor is paused is inner HTML for * a containing block. * * ### Spans of HTML * * Non-block content plays a complicated role in processing block documents. This * processor exposes tools to help work with these spans of HTML. * * - {@see self::is_html()} indicates if the processor is paused at a span of * HTML but does not differentiate between top-level freeform content and inner HTML. * - {@see self::is_non_whitespace_html()} indicates not only if the processor * is paused at a span of HTML, but also whether that span incorporates more than * whitespace characters. Because block serialization often inserts newlines between * block comment delimiters, this is useful for distinguishing “real” freeform * content from purely aesthetic syntax. * - {@see self::is_block_type()} matches top-level freeform HTML content when * provided one of the special block types described above. * * ### Block structure * * As the processor traverses block delimiters it maintains a stack of which blocks are * open at the given place in the document where it’s paused. This stack represents the * block structure of a document and is used to determine where blocks end, which blocks * represent inner blocks, whether a span of HTML is top-level freeform content, and * more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an * array of block types starting at the outermost-open block and descending to the * currently-visited block. * * Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special * reported block type `#html`. Such a span represents inner HTML for a block if the * depth reported by {@see self::get_depth()} is greater than one. * * It will generally not be necessary to inspect the stack of open blocks, though * depth may be important for finding where blocks end. When visiting a block opener, * the depth will have been increased before pausing; in contrast the depth is * decremented before visiting a closer. This makes the following an easy way to * determine if a block is still open. * * Example: * * $depth = $processor->get_depth(); * while ( $processor->next_token() && $processor->get_depth() > $depth ) { * continue * } * // Processor is now paused at the token immediately following the closed block. * * #### Extracting blocks * * A unique feature of this processor is the ability to return the same output as * {@see \parse_blocks()} would produce, but for a subset of the input document. * For example, it’s possible to extract an image block, manipulate that parsed * block, and re-serialize it into the original document. It’s possible to do so * while skipping over the parse of the rest of the document. * * {@see self::extract_full_block_and_advance()} will scan forward from the current block opener * and build the parsed block structure until the current block is closed. It will * include all inner HTML and inner blocks, and parse all of the inner blocks. It * can be used to extract a block at any depth in the document, helpful for operating * on blocks within nested structure. * * Example: * * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery_block = $processor->extract_full_block_and_advance(); * $after_gallery = $processor->get_span()->start; * return ( * substr( $post_content, 0, $gallery_at ) . * serialize_block( modify_gallery( $gallery_block ) . * substr( $post_content, $after_gallery ) * ); * * #### Handling of malformed structure * * There are situations where closing block delimiters appear for which no open block * exists, or where a document ends before a block is closed, or where a closing block * delimiter appears but references a different block type than the most-recently * opened block does. In all of these cases, the stack of open blocks should mirror * the behavior in {@see \parse_blocks()}. * * Unlike {@see \parse_blocks()}, however, this processor can still operate on the * invalid block delimiters. It provides a few functions which can be used for building * custom and non-spec-compliant error handling. * * - {@see self::has_closing_flag()} indicates if the block delimiter contains the * closing flag at the end. Some invalid block delimiters might contain both the * void and closing flag, in which case {@see self::get_delimiter_type()} will * report that it’s a void block. * - {@see static::get_last_error()} indicates if the processor reached an invalid * block closing. Depending on the context, {@see \parse_blocks()} might instead * ignore the token or treat it as freeform HTML content. * * ## Static helpers * * This class provides helpers for performing semantic block-related operations. * * - {@see self::normalize_block_type()} takes a block type with or without the * implicit `core` namespace and returns a fully-qualified block type. * - {@see self::are_equal_block_types()} indicates if two spans across one or * more input texts represent the same fully-qualified block type. * * ## Subclassing * * This processor is designed to accurately parse a block document. Therefore, many * of its methods are not meant for subclassing. However, overall this class supports * building higher-level convenience classes which may choose to subclass it. For those * classes, avoid re-implementing methods except for the list below. Instead, create * new names representing the higher-level concepts being introduced. For example, instead * of creating a new method named `next_block()` which only advances to blocks of a given * kind, consider creating a new method named something like `next_layout_block()` which * won’t interfere with the base class method. * * - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass * which aren’t intrinsic to block parsing. * - {@see static::get_attributes()} may be reimplemented to provide a streaming interface * to reading and modifying a block’s JSON attributes. It should be fast and memory efficient. * - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced * with a reimplementation of {@see static::get_attributes()}. * * @since 6.9.0 */ class WP_Block_Processor { /** * Indicates if the last operation failed, otherwise * will be `null` for success. * * @since 6.9.0 * * @var string|null */ private $last_error = null; /** * Indicates failures from decoding JSON attributes. * * @since 6.9.0 * * @see \json_last_error() * * @var int */ private $last_json_error = JSON_ERROR_NONE; /** * Source text provided to processor. * * @since 6.9.0 * * @var string */ protected $source_text; /** * Byte offset into source text where a matched delimiter starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰─ Starts at byte offset 17. * * @since 6.9.0 * * @var int */ private $matched_delimiter_at = 0; /** * Byte length of full span of a matched delimiter. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $matched_delimiter_length = 0; /** * First byte offset into source text following any previously-matched delimiter. * Used to indicate where an HTML span starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 55 * <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨ * │ ╰─ This delimiter was matched, and after matching, * │ revealed the preceding HTML span. * │ * ╰─ The first byte offset after the previous matched delimiter * is 21. Because the matched delimiter starts at 55, which is after * this, a span of HTML must exist between these boundaries. * * @since 6.9.0 * * @var int */ private $after_previous_delimiter = 0; /** * Byte offset where namespace span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block name. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $namespace_at = 0; /** * Byte offset where block name span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block namespace. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $name_at = 0; /** * Byte length of block name span. * * Example: * * 5 10 15 20 25 * <!-- wp:core/gallery --> * ╰─────╯ * 7 bytes long. * * @since 6.9.0 * * @var int */ private $name_length = 0; /** * Whether the delimiter contains the block-closing flag. * * This may be erroneous if present within a void block, * therefore the {@see self::has_closing_flag()} can be used by * calling code to perform custom error-handling. * * @since 6.9.0 * * @var bool */ private $has_closing_flag = false; /** * Byte offset where JSON attributes span begins. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰─ Starts at byte offset 18. * * @since 6.9.0 * * @var int */ private $json_at; /** * Byte length of JSON attributes span, or 0 if none are present. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $json_length = 0; /** * Internal parser state, differentiating whether the instance is currently matched, * on an implicit freeform node, in error, or ready to begin parsing. * * @see self::READY * @see self::MATCHED * @see self::HTML_SPAN * @see self::INCOMPLETE_INPUT * @see self::COMPLETE * * @since 6.9.0 * * @var string */ protected $state = self::READY; /** * Indicates what kind of block comment delimiter was matched. * * One of: * * - {@see self::OPENER} If the delimiter is opening a block. * - {@see self::CLOSER} If the delimiter is closing an open block. * - {@see self::VOID} If the delimiter represents a void block with no inner content. * * If a parsed comment delimiter contains both the closing and the void * flags then it will be interpreted as a void block to match the behavior * of the official block parser, however, this is a syntax error and probably * the block ought to close an open block of the same name, if one is open. * * @since 6.9.0 * * @var string */ private $type; /** * Whether the last-matched delimiter acts like a void block and should be * popped from the stack of open blocks as soon as the parser advances. * * This applies to void block delimiters and to HTML spans. * * @since 6.9.0 * * @var bool */ private $was_void = false; /** * For every open block, in hierarchical order, this stores the byte offset * into the source text where the block type starts, including for HTML spans. * * To avoid allocating and normalizing block names when they aren’t requested, * the stack of open blocks is stored as the byte offsets and byte lengths of * each open block’s block type. This allows for minimal tracking and quick * reading or comparison of block types when requested. * * @since 6.9.0 * * @see self::$open_blocks_length * * @var int[] */ private $open_blocks_at = array(); /** * For every open block, in hierarchical order, this stores the byte length * of the block’s block type in the source text. For HTML spans this is 0. * * @since 6.9.0 * * @see self::$open_blocks_at * * @var int[] */ private $open_blocks_length = array(); /** * Indicates which operation should apply to the stack of open blocks after * processing any pending spans of HTML. * * Since HTML spans are discovered after matching block delimiters, those * delimiters need to defer modifying the stack of open blocks. This value, * if set, indicates what operation should be applied. The properties * associated with token boundaries still point to the delimiters even * when processing HTML spans, so there’s no need to track them independently. * * @var 'push'|'void'|'pop'|null */ private $next_stack_op = null; /** * Creates a new block processor. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( $processor->next_block( 'core/image' ) ) { * echo "Found an image!\n"; * } * * @see self::next_block() to advance to the start of the next block (skips closers). * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @since 6.9.0 * * @param string $source_text Input document potentially containing block content. */ public function __construct( string $source_text ) { $this->source_text = $source_text; } /** * Advance to the next block delimiter which opens a block, indicating if one was found. * * Delimiters which open blocks include opening and void block delimiters. To visit * freeform HTML content, pass the wildcard “*” as the block type. * * Use this function to walk through the blocks in a document, pausing where they open. * * Example blocks: * * // The first delimiter opens the paragraph block. * <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph--> * * // The void block is the first opener in this sequence of closers. * <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group --> * * // If, however, `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p> * * Example: * * // Find all textual ranges of image block opening delimiters. * $images = array(); * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( 'core/image' ) ) { * $images[] = $processor->get_span(); * } * * In some cases it may be useful to conditionally visit the implicit freeform * blocks, such as when determining if a post contains freeform content that * isn’t purely whitespace. * * Example: * * $seen_block_types = []; * $block_type = '*'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( $block_type ) { * // Stop wasting time visiting freeform blocks after one has been found. * if ( * '*' === $block_type && * null === $processor->get_block_type() && * $processor->is_non_whitespace_html() * ) { * $block_type = null; * $seen_block_types['core/freeform'] = true; * continue; * } * * $seen_block_types[ $processor->get_block_type() ] = true; * } * * @since 6.9.0 * * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @param string|null $block_type Optional. If provided, advance until a block of this type is found. * Default is to stop at any block regardless of its type. * @return bool Whether an opening delimiter for a block was found. */ public function next_block( ?string $block_type = null ): bool { while ( $this->next_delimiter( $block_type ) ) { if ( self::CLOSER !== $this->get_delimiter_type() ) { return true; } } return false; } /** * Advance to the next block delimiter in a document, indicating if one was found. * * Delimiters may include invalid JSON. This parser does not attempt to parse the * JSON attributes until requested; when invalid, the attributes will be null. This * matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content, * pass the wildcard “*” as the block type. * * Use this function to walk through the block delimiters in a document. * * Example delimiters: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * * // If the wildcard `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p> * * Example: * * $html = '<!-- wp:void /-->\n<!-- wp:void /-->'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() { * // Runs twice, seeing both void blocks of type “core/void.” * } * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter( '*' ) ) { * // Runs thrice, seeing the void block, the newline span, and the void block. * } * * @since 6.9.0 * * @param string|null $block_name Optional. Keep searching until a block of this name is found. * Defaults to visit every block regardless of type. * @return bool Whether a block delimiter was matched. */ public function next_delimiter( ?string $block_name = null ): bool { if ( ! isset( $block_name ) ) { while ( $this->next_token() ) { if ( ! $this->is_html() ) { return true; } } return false; } while ( $this->next_token() ) { if ( $this->is_block_type( $block_name ) ) { return true; } } return false; } /** * Advance to the next block delimiter or HTML span in a document, indicating if one was found. * * This function steps through every syntactic chunk in a document. This includes explicit * block comment delimiters, freeform non-block content, and inner HTML segments. * * Example tokens: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * <p>Normal HTML content</p> * Plaintext content too! * * Example: * * // Find span containing wrapping HTML element surrounding inner blocks. * $processor = new WP_Block_Processor( $html ); * if ( ! $processor->next_block( 'gallery' ) ) { * return null; * } * * $containing_span = null; * while ( $processor->next_token() && $processor->is_html() ) { * $containing_span = $processor->get_span(); * } * * This method will visit all HTML spans including those forming freeform non-block * content as well as those which are part of a block’s inner HTML. * * @since 6.9.0 * * @return bool Whether a token was matched or the end of the document was reached without finding any. */ public function next_token(): bool { if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return false; } // Void tokens automatically pop off the stack of open blocks. if ( $this->was_void ) { array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); $this->was_void = false; } $text = $this->source_text; $end = strlen( $text ); /* * Because HTML spans are inferred after finding the next delimiter, it means that * the parser must transition out of that HTML state and reuse the token boundaries * it found after the HTML span. If those boundaries are before the end of the * document it implies that a real delimiter was found; otherwise this must be the * terminating HTML span and the parsing is complete. */ if ( self::HTML_SPAN === $this->state ) { if ( $this->matched_delimiter_at >= $end ) { $this->state = self::COMPLETE; return false; } switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'push': $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; $this->state = self::MATCHED; return true; } $this->state = self::READY; $after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length; $at = $after_prev_delimiter; while ( $at < $end ) { /* * Find the next possible start of a delimiter. * * This follows the behavior in the official block parser, which segments a post * by the block comment delimiters. It is possible for an HTML attribute to contain * what looks like a block comment delimiter but which is actually an HTML attribute * value. In such a case, the parser here will break apart the HTML and create the * block boundary inside the HTML attribute. In other words, the block parser * isolates sections of HTML from each other, even if that leads to malformed markup. * * For a more robust parse, scan through the document with the HTML API and parse * comments once they are matched to see if they are also block delimiters. In * practice, this nuance has not caused any known problems since developing blocks. * * <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /--> */ $comment_opening_at = strpos( $text, '<!--', $at ); /* * Even if the start of a potential block delimiter is not found, the document * might end in a prefix of such, and in that case there is incomplete input. */ if ( false === $comment_opening_at ) { if ( str_ends_with( $text, '<!-' ) ) { $backup = 3; } elseif ( str_ends_with( $text, '<!' ) ) { $backup = 2; } elseif ( str_ends_with( $text, '<' ) ) { $backup = 1; } else { $backup = 0; } // Whether or not there is a potential delimiter, there might be an HTML span. if ( $after_prev_delimiter < ( $end - $backup ) ) { $this->state = self::HTML_SPAN; $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $end - $backup; $this->matched_delimiter_length = $backup; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } /* * In the case that there is the start of an HTML comment, it means that there * might be a block delimiter, but it’s not possible know, therefore it’s incomplete. */ if ( $backup > 0 ) { goto incomplete; } // Otherwise this is the end. $this->state = self::COMPLETE; return false; } // <!-- ⃨/wp:core/paragraph {"dropCap":true} /--> $opening_whitespace_at = $comment_opening_at + 4; if ( $opening_whitespace_at >= $end ) { goto incomplete; } $opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at ); /* * The `wp` prefix cannot come before this point, but it may come after it * depending on the presence of the closer. This is detected next. */ $wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length; if ( $wp_prefix_at >= $end ) { goto incomplete; } if ( 0 === $opening_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /⃨wp:core/paragraph {"dropCap":true} /--> $has_closer = false; if ( '/' === $text[ $wp_prefix_at ] ) { $has_closer = true; ++$wp_prefix_at; } // <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /--> if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) { if ( ( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) || ( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) ) ) { goto incomplete; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * If the block contains no namespace, this will end up masquerading with * the block name. It’s easier to first detect the span and then determine * if it’s a namespace of a name. * * <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /--> */ $namespace_at = $wp_prefix_at + 3; if ( $namespace_at >= $end ) { goto incomplete; } $start_of_namespace = $text[ $namespace_at ]; // The namespace must start with a-z. if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 ); $separator_at = $namespace_at + $namespace_length; if ( $separator_at >= $end ) { goto incomplete; } // <!-- /wp:core/⃨paragraph {"dropCap":true} /--> $has_separator = '/' === $text[ $separator_at ]; if ( $has_separator ) { $name_at = $separator_at + 1; if ( $name_at >= $end ) { goto incomplete; } // <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /--> $start_of_name = $text[ $name_at ]; if ( 'a' > $start_of_name || 'z' < $start_of_name ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 ); } else { $name_at = $namespace_at; $name_length = $namespace_length; } if ( $name_at + $name_length >= $end ) { goto incomplete; } /* * For this next section of the delimiter, it could be the JSON attributes * or it could be the end of the comment. Assume that the JSON is there and * update if it’s not. */ // <!-- /wp:core/paragraph ⃨{"dropCap":true} /--> $after_name_whitespace_at = $name_at + $name_length; $after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at ); $json_at = $after_name_whitespace_at + $after_name_whitespace_length; if ( $json_at >= $end ) { goto incomplete; } if ( 0 === $after_name_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /wp:core/paragraph {⃨"dropCap":true} /--> $has_json = '{' === $text[ $json_at ]; $json_length = 0; /* * For the final span of the delimiter it's most efficient to find the end of the * HTML comment and work backwards. This prevents complicated parsing inside the * JSON span, which is not allowed to contain the HTML comment terminator. * * This also matches the behavior in the official block parser, * even though it allows for matching invalid JSON content. * * <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨ */ $comment_closing_at = strpos( $text, '-->', $json_at ); if ( false === $comment_closing_at ) { goto incomplete; } // <!-- /wp:core/paragraph {"dropCap":true} /⃨--> if ( '/' === $text[ $comment_closing_at - 1 ] ) { $has_void_flag = true; $void_flag_length = 1; } else { $has_void_flag = false; $void_flag_length = 0; } /* * If there's no JSON, then the span of text after the name * until the comment closing must be completely whitespace. * Otherwise it’s a normal HTML comment. */ if ( ! $has_json ) { if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) { // This must be a block delimiter! $this->state = self::MATCHED; break; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * There's JSON, so attempt to find its boundary. * * @todo It’s likely faster to scan forward instead of in reverse. * * <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/--> */ $after_json_whitespace_length = 0; for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) { $char = $text[ $char_at ]; switch ( $char ) { case ' ': case "\t": case "\f": case "\r": case "\n": ++$after_json_whitespace_length; continue 2; case '}': $json_length = $char_at - $json_at + 1; break 2; default: ++$at; continue 3; } } /* * This covers cases where there is no terminating “}” or where * mandatory whitespace is missing. */ if ( 0 === $json_length || 0 === $after_json_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // This must be a block delimiter! $this->state = self::MATCHED; break; } // The end of the document was reached without a match. if ( self::MATCHED !== $this->state ) { $this->state = self::COMPLETE; return false; } /* * From this point forward, a delimiter has been matched. There * might also be an HTML span that appears before the delimiter. */ $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $comment_opening_at; $this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at; $this->namespace_at = $namespace_at; $this->name_at = $name_at; $this->name_length = $name_length; $this->json_at = $json_at; $this->json_length = $json_length; /* * When delimiters contain both the void flag and the closing flag * they shall be interpreted as void blocks, per the spec parser. */ if ( $has_void_flag ) { $this->type = self::VOID; $this->next_stack_op = 'void'; } elseif ( $has_closer ) { $this->type = self::CLOSER; $this->next_stack_op = 'pop'; /* * @todo Check if the name matches and bail according to the spec parser. * The default parser doesn’t examine the names. */ } else { $this->type = self::OPENER; $this->next_stack_op = 'push'; } $this->has_closing_flag = $has_closer; // HTML spans are visited before the delimiter that follows them. if ( $comment_opening_at > $after_prev_delimiter ) { $this->state = self::HTML_SPAN; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } // If there were no HTML spans then flush the enqueued stack operations immediately. switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'push': $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; return true; incomplete: $this->state = self::COMPLETE; $this->last_error = self::INCOMPLETE_INPUT; return false; } /** * Returns an array containing the names of the currently-open blocks, in order * from outermost to innermost, with HTML spans indicated as “#html”. * * Example: * * // Freeform HTML content is an HTML span. * $processor = new WP_Block_Processor( 'Just text' ); * $processor->next_token(); * array( '#text' ) === $processor->get_breadcrumbs(); * * $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' ); * $processor->next_token(); * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Void blocks are only open while visiting them. * array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Blocks are closed before visiting their closing delimiter. * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array() === $processor->get_breadcrumbs(); * * // Inner HTML is also an HTML span. * $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' ); * $processor->next_token(); * $processor->next_token(); * array( 'core/a', '#html' ) === $processor->get_breadcrumbs(); * * @since 6.9.0 * * @return string[] */ public function get_breadcrumbs(): array { $breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null ); /* * Since HTML spans can only be at the very end, set the normalized block name for * each open element and then work backwards after creating the array. This allows * for the elimination of a conditional on each iteration of the loop. */ foreach ( $this->open_blocks_at as $i => $at ) { $block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] ); $breadcrumbs[ $i ] = self::normalize_block_type( $block_type ); } if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) { $breadcrumbs[ $i ] = '#html'; } return $breadcrumbs; } /** * Returns the depth of the open blocks where the processor is currently matched. * * Depth increases before visiting openers and void blocks and decreases before * visiting closers. HTML spans behave like void blocks. * * @since 6.9.0 * * @return int */ public function get_depth(): int { return count( $this->open_blocks_at ); } /** * Extracts a block object, and all inner content, starting at a matched opening * block delimiter, or at a matched top-level HTML span as freeform HTML content. * * Use this function to extract some blocks within a document, but not all. For example, * one might want to find image galleries, parse them, modify them, and then reserialize * them in place. * * Once this function returns, the parser will be matched on token following the close * of the given block. * * The return type of this method is compatible with the return of {@see \parse_blocks()}. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery = $processor->extract_full_block_and_advance(); * $ends_before = $processor->get_span(); * $ends_before = $ends_before->start ?? strlen( $post_content ); * * $new_gallery = update_gallery( $gallery ); * $new_gallery = serialize_block( $new_gallery ); * * return ( * substr( $post_content, 0, $gallery_at ) . * $new_gallery . * substr( $post_content, $ends_before ) * ); * * @since 6.9.0 * * @return array[]|null { * Array of block structures. * * @type array ...$0 { * An associative array of a single parsed block object. See WP_Block_Parser_Block. * * @type string|null $blockName Name of block. * @type array $attrs Attributes from block comment delimiters. * @type array[] $innerBlocks List of inner blocks. An array of arrays that * have the same structure as this one. * @type string $innerHTML HTML from inside block comment delimiters. * @type array $innerContent List of string fragments and null markers where * inner blocks were found. * } * } */ public function extract_full_block_and_advance(): ?array { if ( $this->is_html() ) { $chunk = $this->get_html_content(); return array( 'blockName' => null, 'attrs' => array(), 'innerBlocks' => array(), 'innerHTML' => $chunk, 'innerContent' => array( $chunk ), ); } $block = array( 'blockName' => $this->get_block_type(), 'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(), 'innerBlocks' => array(), 'innerHTML' => '', 'innerContent' => array(), ); $depth = $this->get_depth(); while ( $this->next_token() && $this->get_depth() > $depth ) { if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; continue; } /** * Inner blocks. * * @todo This is a decent place to call {@link \render_block()} * @todo Use iteration instead of recursion, or at least refactor to tail-call form. */ if ( $this->opens_block() ) { $inner_block = $this->extract_full_block_and_advance(); $block['innerBlocks'][] = $inner_block; $block['innerContent'][] = null; } /* * Because the parser has advanced past the closing block token, it * may be matched on an HTML span. This needs to be processed before * moving on to the next token at the start of the next loop iteration. */ if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; } } return $block; } /** * Returns the byte-offset after the ending character of an HTML comment, * assuming the proper starting byte offset. * * @since 6.9.0 * * @param int $comment_starting_at Where the HTML comment started, the leading `<`. * @param int $search_end Last offset in which to search, for limiting search span. * @return int Offset after the current HTML comment ends, or `$search_end` if no end was found. */ private function find_html_comment_end( int $comment_starting_at, int $search_end ): int { $text = $this->source_text; // Find span-of-dashes comments which look like `<!----->`. $span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 ); if ( $comment_starting_at + 2 + $span_of_dashes < $search_end && '>' === $text[ $comment_starting_at + 2 + $span_of_dashes ] ) { return $comment_starting_at + $span_of_dashes + 1; } // Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`. $now_at = $comment_starting_at + 4; while ( $now_at < $search_end ) { $dashes_at = strpos( $text, '--', $now_at ); if ( false === $dashes_at ) { return $search_end; } $closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 ); if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) { ++$closer_must_be_at; } if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) { return $closer_must_be_at + 1; } ++$now_at; } return $search_end; } /** * Indicates if the last attempt to parse a block comment delimiter * failed, if set, otherwise `null` if the last attempt succeeded. * * @since 6.9.0 * * @return string|null Error from last attempt at parsing next block delimiter, * or `null` if last attempt succeeded. */ public function get_last_error(): ?string { return $this->last_error; } /** * Indicates if the last attempt to parse a block’s JSON attributes failed. * * @see \json_last_error() * * @since 6.9.0 * * @return int JSON_ERROR_ code from last attempt to parse block JSON attributes. */ public function get_last_json_error(): int { return $this->last_json_error; } /** * Returns the type of the block comment delimiter. * * One of: * * - {@see self::OPENER} * - {@see self::CLOSER} * - {@see self::VOID} * - `null` * * @since 6.9.0 * * @return string|null type of the block comment delimiter, if currently matched. */ public function get_delimiter_type(): ?string { switch ( $this->state ) { case self::HTML_SPAN: return self::VOID; case self::MATCHED: return $this->type; default: return null; } } /** * Returns whether the delimiter contains the closing flag. * * This should be avoided except in cases of custom error-handling * with block closers containing the void flag. For normative use, * {@see self::get_delimiter_type()}. * * @since 6.9.0 * * @return bool Whether the currently-matched block delimiter contains the closing flag. */ public function has_closing_flag(): bool { return $this->has_closing_flag; } /** * Indicates if the block delimiter represents a block of the given type. * * Since the “core” namespace may be implicit, it’s allowable to pass * either the fully-qualified block type with namespace and block name * as well as the shorthand version only containing the block name, if * the desired block is in the “core” namespace. * * Since freeform HTML content is non-block content, it has no block type. * Passing the wildcard “*” will, however, return true for all block types, * even the implicit freeform content, though not for spans of inner HTML. * * Example: * * $is_core_paragraph = $processor->is_block_type( 'paragraph' ); * $is_core_paragraph = $processor->is_block_type( 'core/paragraph' ); * $is_formula = $processor->is_block_type( 'math-block/formula' ); * * @param string $block_type Block type name for the desired block. * E.g. "paragraph", "core/paragraph", "math-blocks/formula". * @return bool Whether this delimiter represents a block of the given type. */ public function is_block_type( string $block_type ): bool { if ( '*' === $block_type ) { return true; } if ( $this->is_html() ) { // This is a core/freeform text block, it’s special. if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) { return ( 'core/freeform' === $block_type || 'freeform' === $block_type ); } // Otherwise this is innerHTML and not a block. return false; } return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) ); } /** * Given two spans of text, indicate if they represent identical block types. * * This function normalizes block types to account for implicit core namespacing. * * Note! This function only returns valid results when the complete block types are * represented in the span offsets and lengths. This means that the full optional * namespace and block name must be represented in the input arguments. * * Example: * * 0 5 10 15 20 25 30 35 40 * $text = '<!-- wp:block --><!-- /wp:core/block -->'; * * true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 ); * false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 ); * * @since 6.9.0 * * @param string $a_text Text in which first block type appears. * @param int $a_at Byte offset into text in which first block type starts. * @param int $a_length Byte length of first block type. * @param string $b_text Text in which second block type appears (may be the same as the first text). * @param int $b_at Byte offset into text in which second block type starts. * @param int $b_length Byte length of second block type. * @return bool Whether the spans of text represent identical block types, normalized for namespacing. */ public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool { $a_ns_length = strcspn( $a_text, '/', $a_at, $a_length ); $b_ns_length = strcspn( $b_text, '/', $b_at, $b_length ); $a_has_ns = $a_ns_length !== $a_length; $b_has_ns = $b_ns_length !== $b_length; // Both contain namespaces. if ( $a_has_ns && $b_has_ns ) { if ( $a_length !== $b_length ) { return false; } $a_block_type = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ); } if ( $a_has_ns ) { $b_block_type = 'core/' . substr( $b_text, $b_at, $b_length ); return ( strlen( $b_block_type ) === $a_length && 0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length ) ); } if ( $b_has_ns ) { $a_block_type = 'core/' . substr( $a_text, $a_at, $a_length ); return ( strlen( $a_block_type ) === $b_length && 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ) ); } // Neither contains a namespace. if ( $a_length !== $b_length ) { return false; } $a_name = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length ); } /** * Indicates if the matched delimiter is an opening or void delimiter of the given type, * if a type is provided, otherwise if it opens any block or implicit freeform HTML content. * * This is a helper method to ease handling of code inspecting where blocks start, and for * checking if the blocks are of a given type. The function is variadic to allow for * checking if the delimiter opens one of many possible block types. * * To advance to the start of a block {@see self::next_block()}. * * Example: * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() ) { * if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) { * echo "Found code!"; * continue; * } * * if ( $processor->opens_block( 'core/image' ) ) { * echo "Found an image!"; * continue; * } * * if ( $processor->opens_block() ) { * echo "Found a new block!"; * } * } * * @since 6.9.0 * * @see self::is_block_type() * * @param string[] $block_type Optional. Is the matched block type one of these? * If none are provided, will not test block type. * @return bool Whether the matched block delimiter opens a block, and whether it * opens a block of one of the given block types, if provided. */ public function opens_block( string ...$block_type ): bool { // HTML spans only open implicit freeform content at the top level. if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) { return false; } /* * Because HTML spans are discovered after the next delimiter is found, * the delimiter type when visiting HTML spans refers to the type of the * following delimiter. Therefore the HTML case is handled by checking * the state and depth of the stack of open block. */ if ( self::CLOSER === $this->type && ! $this->is_html() ) { return false; } if ( count( $block_type ) === 0 ) { return true; } foreach ( $block_type as $block ) { if ( $this->is_block_type( $block ) ) { return true; } } return false; } /** * Indicates if the matched delimiter is an HTML span. * * @since 6.9.0 * * @see self::is_non_whitespace_html() * * @return bool Whether the processor is matched on an HTML span. */ public function is_html(): bool { return self::HTML_SPAN === $this->state; } /** * Indicates if the matched delimiter is an HTML span and comprises more * than whitespace characters, i.e. contains real content. * * Many block serializers introduce newlines between block delimiters, * so the presence of top-level non-block content does not imply that * there are “real” freeform HTML blocks. Checking if there is content * beyond whitespace is a more certain check, such as for determining * whether to load CSS for the freeform or fallback block type. * * @since 6.9.0 * * @see self::is_html() * * @return bool Whether the currently-matched delimiter is an HTML * span containing non-whitespace text. */ public function is_non_whitespace_html(): bool { if ( ! $this->is_html() ) { return false; } $length = $this->matched_delimiter_at - $this->after_previous_delimiter; $whitespace_length = strspn( $this->source_text, " \t\f\r\n", $this->after_previous_delimiter, $length ); return $whitespace_length !== $length; } /** * Returns the string content of a matched HTML span, or `null` otherwise. * * @since 6.9.0 * * @return string|null Raw HTML content, or `null` if not currently matched on HTML. */ public function get_html_content(): ?string { if ( ! $this->is_html() ) { return null; } return substr( $this->source_text, $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); } /** * Allocates a substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter, otherwise `null`. * * This function is like {@see self::get_printable_block_type()} but when * paused on a freeform HTML block, will return `null` instead of “core/freeform”. * The `null` behavior matches what {@see \parse_blocks()} returns but may not * be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content has no block type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * null === $processor->get_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter, otherwise `null`. */ public function get_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return null; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Allocates a printable substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`. * * This function is like {@see self::get_block_type()} but when paused on a freeform * HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches * what {@see \parse_blocks()} returns but may not be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_printable_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content is given an implicit type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * 'core/freeform' === $processor->get_printable_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter or freeform block, otherwise `null`. */ public function get_printable_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return 1 === count( $this->open_blocks_at ) ? 'core/freeform' : '#innerHTML'; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Normalizes a block name to ensure that missing implicit “core” namespaces are present. * * Example: * * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' ); * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' ); * 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' ); * * @since 6.9.0 * * @param string $block_type Valid block name, potentially without a namespace. * @return string Fully-qualified block type including namespace. */ public static function normalize_block_type( string $block_type ): string { return false === strpos( $block_type, '/' ) ? "core/{$block_type}" : $block_type; } /** * Returns a lazy wrapper around the block attributes, which can be used * for efficiently interacting with the JSON attributes. * * This stub hints that there should be a lazy interface for parsing * block attributes but doesn’t define it. It serves both as a placeholder * for one to come as well as a guard against implementing an eager * function in its place. * * @throws Exception This function is a stub for subclasses to implement * when providing streaming attribute parsing. * * @since 6.9.0 * * @see self::allocate_and_return_parsed_attributes() * * @return never */ public function get_attributes() { throw new Exception( 'Lazy attribute parsing not yet supported' ); } /** * Attempts to parse and return the entire JSON attributes from the delimiter, * allocating memory and processing the JSON span in the process. * * This does not return any parsed attributes for a closing block delimiter * even if there is a span of JSON content; this JSON is a parsing error. * * Consider calling {@see static::get_attributes()} instead if it's not * necessary to read all the attributes at the same time, as that provides * a more efficient mechanism for typical use cases. * * Since the JSON span inside the comment delimiter may not be valid JSON, * this function will return `null` if it cannot parse the span and set the * {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant. * * If the delimiter contains no JSON span, it will also return `null`, * but the last error will be set to {@see \JSON_ERROR_NONE}. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes(); * $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' ); * * $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_NONE = $processor->get_last_json_error(); * * $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' ); * $processor->next_delimiter(); * array() === $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:separator /-->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error(); * * @since 6.9.0 * * @return array|null Parsed JSON attributes, if present and valid, otherwise `null`. */ public function allocate_and_return_parsed_attributes(): ?array { $this->last_json_error = JSON_ERROR_NONE; if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) { return null; } $json_span = substr( $this->source_text, $this->json_at, $this->json_length ); $parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE ); $last_error = json_last_error(); $this->last_json_error = $last_error; return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) ) ? $parsed : null; } /** * Returns the span representing the currently-matched delimiter, if matched, otherwise `null`. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:void /-->' ); * null === $processor->get_span(); * * $processor->next_delimiter(); * WP_HTML_Span( 0, 17 ) === $processor->get_span(); * * @since 6.9.0 * * @return WP_HTML_Span|null Span of text in source text spanning matched delimiter. */ public function get_span(): ?WP_HTML_Span { switch ( $this->state ) { case self::HTML_SPAN: return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); case self::MATCHED: return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length ); default: return null; } } // // Constant declarations that would otherwise pollute the top of the class. // /** * Indicates that the block comment delimiter closes an open block. * * @see self::$type * * @since 6.9.0 */ const CLOSER = 'closer'; /** * Indicates that the block comment delimiter opens a block. * * @see self::$type * * @since 6.9.0 */ const OPENER = 'opener'; /** * Indicates that the block comment delimiter represents a void block * with no inner content of any kind. * * @see self::$type * * @since 6.9.0 */ const VOID = 'void'; /** * Indicates that the processor is ready to start parsing but hasn’t yet begun. * * @see self::$state * * @since 6.9.0 */ const READY = 'processor-ready'; /** * Indicates that the processor is matched on an explicit block delimiter. * * @see self::$state * * @since 6.9.0 */ const MATCHED = 'processor-matched'; /** * Indicates that the processor is matched on the opening of an implicit freeform delimiter. * * @see self::$state * * @since 6.9.0 */ const HTML_SPAN = 'processor-html-span'; /** * Indicates that the parser started parsing a block comment delimiter, but * the input document ended before it could finish. The document was likely truncated. * * @see self::$state * * @since 6.9.0 */ const INCOMPLETE_INPUT = 'incomplete-input'; /** * Indicates that the processor has finished parsing and has nothing left to scan. * * @see self::$state * * @since 6.9.0 */ const COMPLETE = 'processor-complete'; } HTTP/Client-20260605104719.php 0000666 00000001137 15226703613 0010655 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/script-loader-react-refresh-runtime-20260606175845.php 0000666 00000000124 15226703613 0016424 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-migration-20260606092626-20260609025029.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-customize-widgets-20260605024213.php 0000666 00000215637 15226703613 0014656 0 ustar 00 <?php /** * WordPress Customize Widgets classes * * @package WordPress * @subpackage Customize * @since 3.9.0 */ /** * Customize Widgets class. * * Implements widget management in the Customizer. * * @since 3.9.0 * * @see WP_Customize_Manager */ #[AllowDynamicProperties] final class WP_Customize_Widgets { /** * WP_Customize_Manager instance. * * @since 3.9.0 * @var WP_Customize_Manager */ public $manager; /** * All id_bases for widgets defined in core. * * @since 3.9.0 * @var array */ protected $core_widget_id_bases = array( 'archives', 'calendar', 'categories', 'custom_html', 'links', 'media_audio', 'media_image', 'media_video', 'meta', 'nav_menu', 'pages', 'recent-comments', 'recent-posts', 'rss', 'search', 'tag_cloud', 'text', ); /** * @since 3.9.0 * @var array */ protected $rendered_sidebars = array(); /** * @since 3.9.0 * @var array */ protected $rendered_widgets = array(); /** * @since 3.9.0 * @var array */ protected $old_sidebars_widgets = array(); /** * Mapping of widget ID base to whether it supports selective refresh. * * @since 4.5.0 * @var array */ protected $selective_refreshable_widgets; /** * Mapping of setting type to setting ID pattern. * * @since 4.2.0 * @var array */ protected $setting_id_patterns = array( 'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/', 'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/', ); /** * Initial loader. * * @since 3.9.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. */ public function __construct( $manager ) { $this->manager = $manager; // See https://github.com/xwp/wp-customize-snapshots/blob/962586659688a5b1fd9ae93618b7ce2d4e7a421c/php/class-customize-snapshot-manager.php#L420-L449 add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 ); add_action( 'widgets_init', array( $this, 'register_settings' ), 95 ); add_action( 'customize_register', array( $this, 'schedule_customize_register' ), 1 ); // Skip remaining hooks when the user can't manage widgets anyway. if ( ! current_user_can( 'edit_theme_options' ) ) { return; } add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) ); add_action( 'customize_controls_init', array( $this, 'customize_controls_init' ) ); add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); add_action( 'customize_controls_print_styles', array( $this, 'print_styles' ) ); add_action( 'customize_controls_print_scripts', array( $this, 'print_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) ); add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) ); add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); add_filter( 'should_load_block_editor_scripts_and_styles', array( $this, 'should_load_block_editor_scripts_and_styles' ) ); add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) ); add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 ); add_filter( 'dynamic_sidebar_has_widgets', array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 ); // Selective Refresh. add_filter( 'customize_dynamic_partial_args', array( $this, 'customize_dynamic_partial_args' ), 10, 2 ); add_action( 'customize_preview_init', array( $this, 'selective_refresh_init' ) ); } /** * List whether each registered widget can be use selective refresh. * * If the theme does not support the customize-selective-refresh-widgets feature, * then this will always return an empty array. * * @since 4.5.0 * * @global WP_Widget_Factory $wp_widget_factory * * @return array Mapping of id_base to support. If theme doesn't support * selective refresh, an empty array is returned. */ public function get_selective_refreshable_widgets() { global $wp_widget_factory; if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return array(); } if ( ! isset( $this->selective_refreshable_widgets ) ) { $this->selective_refreshable_widgets = array(); foreach ( $wp_widget_factory->widgets as $wp_widget ) { $this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] ); } } return $this->selective_refreshable_widgets; } /** * Determines if a widget supports selective refresh. * * @since 4.5.0 * * @param string $id_base Widget ID Base. * @return bool Whether the widget can be selective refreshed. */ public function is_widget_selective_refreshable( $id_base ) { $selective_refreshable_widgets = $this->get_selective_refreshable_widgets(); return ! empty( $selective_refreshable_widgets[ $id_base ] ); } /** * Retrieves the widget setting type given a setting ID. * * @since 4.2.0 * * @param string $setting_id Setting ID. * @return string|void Setting type. */ protected function get_setting_type( $setting_id ) { static $cache = array(); if ( isset( $cache[ $setting_id ] ) ) { return $cache[ $setting_id ]; } foreach ( $this->setting_id_patterns as $type => $pattern ) { if ( preg_match( $pattern, $setting_id ) ) { $cache[ $setting_id ] = $type; return $type; } } } /** * Inspects the incoming customized data for any widget settings, and dynamically adds * them up-front so widgets will be initialized properly. * * @since 4.2.0 */ public function register_settings() { $widget_setting_ids = array(); $incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() ); foreach ( $incoming_setting_ids as $setting_id ) { if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) { $widget_setting_ids[] = $setting_id; } } if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) { $widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) ); } $settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) ); if ( $this->manager->settings_previewed() ) { foreach ( $settings as $setting ) { $setting->preview(); } } } /** * Determines the arguments for a dynamically-created setting. * * @since 4.2.0 * * @param false|array $args The arguments to the WP_Customize_Setting constructor. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. * @return array|false Setting arguments, false otherwise. */ public function filter_customize_dynamic_setting_args( $args, $setting_id ) { if ( $this->get_setting_type( $setting_id ) ) { $args = $this->get_setting_args( $setting_id ); } return $args; } /** * Retrieves an unslashed post value or return a default. * * @since 3.9.0 * * @param string $name Post value. * @param mixed $default_value Default post value. * @return mixed Unslashed post value or default value. */ protected function get_post_value( $name, $default_value = null ) { if ( ! isset( $_POST[ $name ] ) ) { return $default_value; } return wp_unslash( $_POST[ $name ] ); } /** * Override sidebars_widgets for theme switch. * * When switching a theme via the Customizer, supply any previously-configured * sidebars_widgets from the target theme as the initial sidebars_widgets * setting. Also store the old theme's existing settings so that they can * be passed along for storing in the sidebars_widgets theme_mod when the * theme gets switched. * * @since 3.9.0 * * @global array $sidebars_widgets * @global array $_wp_sidebars_widgets */ public function override_sidebars_widgets_for_theme_switch() { global $sidebars_widgets; if ( $this->manager->doing_ajax() || $this->manager->is_theme_active() ) { return; } $this->old_sidebars_widgets = wp_get_sidebars_widgets(); add_filter( 'customize_value_old_sidebars_widgets_data', array( $this, 'filter_customize_value_old_sidebars_widgets_data' ) ); $this->manager->set_post_value( 'old_sidebars_widgets_data', $this->old_sidebars_widgets ); // Override any value cached in changeset. // retrieve_widgets() looks at the global $sidebars_widgets. $sidebars_widgets = $this->old_sidebars_widgets; $sidebars_widgets = retrieve_widgets( 'customize' ); add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 ); // Reset global cache var used by wp_get_sidebars_widgets(). unset( $GLOBALS['_wp_sidebars_widgets'] ); } /** * Filters old_sidebars_widgets_data Customizer setting. * * When switching themes, filter the Customizer setting old_sidebars_widgets_data * to supply initial $sidebars_widgets before they were overridden by retrieve_widgets(). * The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets * theme_mod. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * * @param array $old_sidebars_widgets * @return array */ public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) { return $this->old_sidebars_widgets; } /** * Filters sidebars_widgets option for theme switch. * * When switching themes, the retrieve_widgets() function is run when the Customizer initializes, * and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets * option. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * @global array $sidebars_widgets * * @param array $sidebars_widgets * @return array */ public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) { $sidebars_widgets = $GLOBALS['sidebars_widgets']; $sidebars_widgets['array_version'] = 3; return $sidebars_widgets; } /** * Ensures all widgets get loaded into the Customizer. * * Note: these actions are also fired in wp_ajax_update_widget(). * * @since 3.9.0 */ public function customize_controls_init() { /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); } /** * Ensures widgets are available for all types of previews. * * When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded * so that all filters have been initialized (e.g. Widget Visibility). * * @since 3.9.0 */ public function schedule_customize_register() { if ( is_admin() ) { $this->customize_register(); } else { add_action( 'wp', array( $this, 'customize_register' ) ); } } /** * Registers Customizer settings and controls for all sidebars and widgets. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * @global array $wp_registered_sidebars */ public function customize_register() { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars; $use_widgets_block_editor = wp_use_widgets_block_editor(); add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 ); $sidebars_widgets = array_merge( array( 'wp_inactive_widgets' => array() ), array_fill_keys( array_keys( $wp_registered_sidebars ), array() ), wp_get_sidebars_widgets() ); $new_setting_ids = array(); /* * Register a setting for all widgets, including those which are active, * inactive, and orphaned since a widget may get suppressed from a sidebar * via a plugin (like Widget Visibility). */ foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) { $setting_id = $this->get_setting_id( $widget_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; } /* * Add a setting which will be supplied for the theme's sidebars_widgets * theme_mod when the theme is switched. */ if ( ! $this->manager->is_theme_active() ) { $setting_id = 'old_sidebars_widgets_data'; $setting_args = $this->get_setting_args( $setting_id, array( 'type' => 'global_variable', 'dirty' => true, ) ); $this->manager->add_setting( $setting_id, $setting_args ); } $this->manager->add_panel( 'widgets', array( 'type' => 'widgets', 'title' => __( 'Widgets' ), 'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ), 'priority' => 110, 'active_callback' => array( $this, 'is_panel_active' ), 'auto_expand_sole_section' => true, 'theme_supports' => 'widgets', ) ); foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) { if ( empty( $sidebar_widget_ids ) ) { $sidebar_widget_ids = array(); } $is_registered_sidebar = is_registered_sidebar( $sidebar_id ); $is_inactive_widgets = ( 'wp_inactive_widgets' === $sidebar_id ); $is_active_sidebar = ( $is_registered_sidebar && ! $is_inactive_widgets ); // Add setting for managing the sidebar's widgets. if ( $is_registered_sidebar || $is_inactive_widgets ) { $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { if ( ! $this->manager->is_theme_active() ) { $setting_args['dirty'] = true; } $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; // Add section to contain controls. $section_id = sprintf( 'sidebar-widgets-%s', $sidebar_id ); if ( $is_active_sidebar ) { $section_args = array( 'title' => $wp_registered_sidebars[ $sidebar_id ]['name'], 'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ), true ), 'panel' => 'widgets', 'sidebar_id' => $sidebar_id, ); if ( $use_widgets_block_editor ) { $section_args['description'] = ''; } else { $section_args['description'] = $wp_registered_sidebars[ $sidebar_id ]['description']; } /** * Filters Customizer widget section arguments for a given sidebar. * * @since 3.9.0 * * @param array $section_args Array of Customizer widget section arguments. * @param string $section_id Customizer section ID. * @param int|string $sidebar_id Sidebar ID. */ $section_args = apply_filters( 'customizer_widgets_section_args', $section_args, $section_id, $sidebar_id ); $section = new WP_Customize_Sidebar_Section( $this->manager, $section_id, $section_args ); $this->manager->add_section( $section ); if ( $use_widgets_block_editor ) { $control = new WP_Sidebar_Block_Editor_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'label' => $section_args['title'], 'description' => $section_args['description'], ) ); } else { $control = new WP_Widget_Area_Customize_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'priority' => count( $sidebar_widget_ids ), // place 'Add Widget' and 'Reorder' buttons at end. ) ); } $this->manager->add_control( $control ); $new_setting_ids[] = $setting_id; } } if ( ! $use_widgets_block_editor ) { // Add a control for each active widget (located in a sidebar). foreach ( $sidebar_widget_ids as $i => $widget_id ) { // Skip widgets that may have gone away due to a plugin being deactivated. if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[ $widget_id ] ) ) { continue; } $registered_widget = $wp_registered_widgets[ $widget_id ]; $setting_id = $this->get_setting_id( $widget_id ); $id_base = $wp_registered_widget_controls[ $widget_id ]['id_base']; $control = new WP_Widget_Form_Customize_Control( $this->manager, $setting_id, array( 'label' => $registered_widget['name'], 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'widget_id' => $widget_id, 'widget_id_base' => $id_base, 'priority' => $i, 'width' => $wp_registered_widget_controls[ $widget_id ]['width'], 'height' => $wp_registered_widget_controls[ $widget_id ]['height'], 'is_wide' => $this->is_wide_widget( $widget_id ), ) ); $this->manager->add_control( $control ); } } } if ( $this->manager->settings_previewed() ) { foreach ( $new_setting_ids as $new_setting_id ) { $this->manager->get_setting( $new_setting_id )->preview(); } } } /** * Determines whether the widgets panel is active, based on whether there are sidebars registered. * * @since 4.4.0 * * @see WP_Customize_Panel::$active_callback * * @global array $wp_registered_sidebars * * @return bool Active. */ public function is_panel_active() { global $wp_registered_sidebars; return ! empty( $wp_registered_sidebars ); } /** * Converts a widget_id into its corresponding Customizer setting ID (option name). * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return string Maybe-parsed widget ID. */ public function get_setting_id( $widget_id ) { $parsed_widget_id = $this->parse_widget_id( $widget_id ); $setting_id = sprintf( 'widget_%s', $parsed_widget_id['id_base'] ); if ( ! is_null( $parsed_widget_id['number'] ) ) { $setting_id .= sprintf( '[%d]', $parsed_widget_id['number'] ); } return $setting_id; } /** * Determines whether the widget is considered "wide". * * Core widgets which may have controls wider than 250, but can still be shown * in the narrow Customizer panel. The RSS and Text widgets in Core, for example, * have widths of 400 and yet they still render fine in the Customizer panel. * * This method will return all Core widgets as being not wide, but this can be * overridden with the {@see 'is_wide_widget_in_customizer'} filter. * * @since 3.9.0 * * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return bool Whether or not the widget is a "wide" widget. */ public function is_wide_widget( $widget_id ) { global $wp_registered_widget_controls; $parsed_widget_id = $this->parse_widget_id( $widget_id ); $width = $wp_registered_widget_controls[ $widget_id ]['width']; $is_core = in_array( $parsed_widget_id['id_base'], $this->core_widget_id_bases, true ); $is_wide = ( $width > 250 && ! $is_core ); /** * Filters whether the given widget is considered "wide". * * @since 3.9.0 * * @param bool $is_wide Whether the widget is wide, Default false. * @param string $widget_id Widget ID. */ return apply_filters( 'is_wide_widget_in_customizer', $is_wide, $widget_id ); } /** * Converts a widget ID into its id_base and number components. * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return array Array containing a widget's id_base and number components. */ public function parse_widget_id( $widget_id ) { $parsed = array( 'number' => null, 'id_base' => null, ); if ( preg_match( '/^(.+)-(\d+)$/', $widget_id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $widget_id; } return $parsed; } /** * Converts a widget setting ID (option path) to its id_base and number components. * * @since 3.9.0 * * @param string $setting_id Widget setting ID. * @return array|WP_Error Array containing a widget's id_base and number components, * or a WP_Error object. */ public function parse_widget_setting_id( $setting_id ) { if ( ! preg_match( '/^(widget_(.+?))(?:\[(\d+)\])?$/', $setting_id, $matches ) ) { return new WP_Error( 'widget_setting_invalid_id' ); } $id_base = $matches[2]; $number = isset( $matches[3] ) ? (int) $matches[3] : null; return compact( 'id_base', 'number' ); } /** * Calls admin_print_styles-widgets.php and admin_print_styles hooks to * allow custom styles from plugins. * * @since 3.9.0 */ public function print_styles() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles' ); } /** * Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_scripts() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts' ); } /** * Enqueues scripts and styles for Customizer panel and export data to JavaScript. * * @since 3.9.0 * * @global WP_Scripts $wp_scripts * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function enqueue_scripts() { global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets; wp_enqueue_style( 'customize-widgets' ); wp_enqueue_script( 'customize-widgets' ); /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_enqueue_scripts', 'widgets.php' ); /* * Export available widgets with control_tpl removed from model * since plugins need templates to be in the DOM. */ $available_widgets = array(); foreach ( $this->get_available_widgets() as $available_widget ) { unset( $available_widget['control_tpl'] ); $available_widgets[] = $available_widget; } $widget_reorder_nav_tpl = sprintf( '<div class="widget-reorder-nav"><span class="move-widget" tabindex="0">%1$s</span><span class="move-widget-down" tabindex="0">%2$s</span><span class="move-widget-up" tabindex="0">%3$s</span></div>', __( 'Move to another area…' ), __( 'Move down' ), __( 'Move up' ) ); $move_widget_area_tpl = str_replace( array( '{description}', '{btn}' ), array( __( 'Select an area to move this widget into:' ), _x( 'Move', 'Move widget' ), ), '<div class="move-widget-area"> <p class="description">{description}</p> <ul class="widget-area-select"> <% _.each( sidebars, function ( sidebar ){ %> <li class="" data-id="<%- sidebar.id %>" tabindex="0"> <div><strong><%- sidebar.name %></strong></div> <div><%- sidebar.description %></div> </li> <% }); %> </ul> <div class="move-widget-actions"> <button class="move-widget-btn button" type="button">{btn}</button> </div> </div>' ); /* * Gather all strings in PHP that may be needed by JS on the client. * Once JS i18n is implemented (in #20491), this can be removed. */ $some_non_rendered_areas_messages = array(); $some_non_rendered_areas_messages[1] = html_entity_decode( __( 'Your theme has 1 other widget area, but this particular page does not display it.' ), ENT_QUOTES, get_bloginfo( 'charset' ) ); $registered_sidebar_count = count( $wp_registered_sidebars ); for ( $non_rendered_count = 2; $non_rendered_count < $registered_sidebar_count; $non_rendered_count++ ) { $some_non_rendered_areas_messages[ $non_rendered_count ] = html_entity_decode( sprintf( /* translators: %s: The number of other widget areas registered but not rendered. */ _n( 'Your theme has %s other widget area, but this particular page does not display it.', 'Your theme has %s other widget areas, but this particular page does not display them.', $non_rendered_count ), number_format_i18n( $non_rendered_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( 1 === $registered_sidebar_count ) { $no_areas_shown_message = html_entity_decode( sprintf( __( 'Your theme has 1 widget area, but this particular page does not display it.' ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } else { $no_areas_shown_message = html_entity_decode( sprintf( /* translators: %s: The total number of widget areas registered. */ _n( 'Your theme has %s widget area, but this particular page does not display it.', 'Your theme has %s widget areas, but this particular page does not display them.', $registered_sidebar_count ), number_format_i18n( $registered_sidebar_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } $settings = array( 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'availableWidgets' => $available_widgets, // @todo Merge this with registered_widgets. 'l10n' => array( 'saveBtnLabel' => __( 'Apply' ), 'saveBtnTooltip' => __( 'Save and preview changes before publishing them.' ), 'removeBtnLabel' => __( 'Remove' ), 'removeBtnTooltip' => __( 'Keep widget settings and move it to the inactive widgets' ), 'error' => __( 'An error has occurred. Please reload the page and try again.' ), 'widgetMovedUp' => __( 'Widget moved up' ), 'widgetMovedDown' => __( 'Widget moved down' ), 'navigatePreview' => __( 'You can navigate to other pages on your site while using the Customizer to view and edit the widgets displayed on those pages.' ), 'someAreasShown' => $some_non_rendered_areas_messages, 'noAreasShown' => $no_areas_shown_message, 'reorderModeOn' => __( 'Reorder mode enabled' ), 'reorderModeOff' => __( 'Reorder mode closed' ), 'reorderLabelOn' => esc_attr__( 'Reorder widgets' ), /* translators: %d: The number of widgets found. */ 'widgetsFound' => __( 'Number of widgets found: %d' ), 'noWidgetsFound' => __( 'No widgets found.' ), ), 'tpl' => array( 'widgetReorderNav' => $widget_reorder_nav_tpl, 'moveWidgetArea' => $move_widget_area_tpl, ), 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } $wp_scripts->add_data( 'customize-widgets', 'data', sprintf( 'var _wpCustomizeWidgetsSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); /* * TODO: Update 'wp-customize-widgets' to not rely so much on things in * 'customize-widgets'. This will let us skip most of the above and not * enqueue 'customize-widgets' which saves bytes. */ if ( wp_use_widgets_block_editor() ) { $block_editor_context = new WP_Block_Editor_Context( array( 'name' => 'core/customize-widgets', ) ); $editor_settings = get_block_editor_settings( get_legacy_widget_block_editor_settings(), $block_editor_context ); wp_add_inline_script( 'wp-customize-widgets', sprintf( 'wp.domReady( function() { wp.customizeWidgets.initialize( "widgets-customizer", %s ); } );', wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); // Preload server-registered block schemas. wp_add_inline_script( 'wp-blocks', 'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');' ); // Preload server-registered block bindings sources. $registered_sources = get_all_registered_block_bindings_sources(); if ( ! empty( $registered_sources ) ) { $filtered_sources = array(); foreach ( $registered_sources as $source ) { $filtered_sources[] = array( 'name' => $source->name, 'label' => $source->label, 'usesContext' => $source->uses_context, ); } $script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); wp_add_inline_script( 'wp-blocks', $script ); } wp_add_inline_script( 'wp-blocks', sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( get_block_categories( $block_editor_context ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); wp_enqueue_script( 'wp-customize-widgets' ); wp_enqueue_style( 'wp-customize-widgets' ); /** This action is documented in edit-form-blocks.php */ do_action( 'enqueue_block_editor_assets' ); } } /** * Renders the widget form control templates into the DOM. * * @since 3.9.0 */ public function output_widget_control_templates() { ?> <div id="widgets-left"><!-- compatibility with JS which looks for widget templates here --> <div id="available-widgets"> <div class="customize-section-title"> <button class="customize-section-back" tabindex="-1"> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Back' ); ?> </span> </button> <h3> <span class="customize-action"> <?php $panel = $this->manager->get_panel( 'widgets' ); $panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' ); /* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */ printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) ); ?> </span> <?php _e( 'Add a Widget' ); ?> </h3> </div> <div id="available-widgets-filter"> <label for="widgets-search"> <?php /* translators: Hidden accessibility text. */ _e( 'Search Widgets' ); ?> </label> <input type="text" id="widgets-search" aria-describedby="widgets-search-desc" /> <div class="search-icon" aria-hidden="true"></div> <button type="button" class="clear-results"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Clear Results' ); ?> </span></button> <p class="screen-reader-text" id="widgets-search-desc"> <?php /* translators: Hidden accessibility text. */ _e( 'The search results will be updated as you type.' ); ?> </p> </div> <div id="available-widgets-list"> <?php foreach ( $this->get_available_widgets() as $available_widget ) : ?> <div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ); ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ); ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ); ?>" tabindex="0"> <?php echo $available_widget['control_tpl']; ?> </div> <?php endforeach; ?> <p class="no-widgets-found-message"><?php _e( 'No widgets found.' ); ?></p> </div><!-- #available-widgets-list --> </div><!-- #available-widgets --> </div><!-- #widgets-left --> <?php } /** * Calls admin_print_footer_scripts and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_footer_scripts() { /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts' ); /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_footer-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Retrieves common arguments to supply when constructing a Customizer setting. * * @since 3.9.0 * * @param string $id Widget setting ID. * @param array $overrides Array of setting overrides. * @return array Possibly modified setting arguments. */ public function get_setting_args( $id, $overrides = array() ) { $args = array( 'type' => 'option', 'capability' => 'edit_theme_options', 'default' => array(), ); if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) { $args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' ); $args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' ); $args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh'; } elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) { $id_base = $matches['id_base']; $args['sanitize_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_instance( $value, $id_base ); }; $args['sanitize_js_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_js_instance( $value, $id_base ); }; $args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh'; } $args = array_merge( $args, $overrides ); /** * Filters the common arguments supplied when constructing a Customizer setting. * * @since 3.9.0 * * @see WP_Customize_Setting * * @param array $args Array of Customizer setting arguments. * @param string $id Widget setting ID. */ return apply_filters( 'widget_customizer_setting_args', $args, $id ); } /** * Ensures sidebar widget arrays only ever contain widget IDS. * * Used as the 'sanitize_callback' for each $sidebars_widgets setting. * * @since 3.9.0 * * @param string[] $widget_ids Array of widget IDs. * @return string[] Array of sanitized widget IDs. */ public function sanitize_sidebar_widgets( $widget_ids ) { $widget_ids = array_map( 'strval', (array) $widget_ids ); $sanitized_widget_ids = array(); foreach ( $widget_ids as $widget_id ) { $sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id ); } return $sanitized_widget_ids; } /** * Builds up an index of all available widgets for use in Backbone models. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * * @see wp_list_widgets() * * @return array List of available widgets. */ public function get_available_widgets() { static $available_widgets = array(); if ( ! empty( $available_widgets ) ) { return $available_widgets; } global $wp_registered_widgets, $wp_registered_widget_controls; require_once ABSPATH . 'wp-admin/includes/widgets.php'; // For next_widget_id_number(). $sort = $wp_registered_widgets; usort( $sort, array( $this, '_sort_name_callback' ) ); $done = array(); foreach ( $sort as $widget ) { if ( in_array( $widget['callback'], $done, true ) ) { // We already showed this multi-widget. continue; } $sidebar = is_active_widget( $widget['callback'], $widget['id'], false, false ); $done[] = $widget['callback']; if ( ! isset( $widget['params'][0] ) ) { $widget['params'][0] = array(); } $available_widget = $widget; unset( $available_widget['callback'] ); // Not serializable to JSON. $args = array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template', ); $is_disabled = false; $is_multi_widget = ( isset( $wp_registered_widget_controls[ $widget['id'] ]['id_base'] ) && isset( $widget['params'][0]['number'] ) ); if ( $is_multi_widget ) { $id_base = $wp_registered_widget_controls[ $widget['id'] ]['id_base']; $args['_temp_id'] = "$id_base-__i__"; $args['_multi_num'] = next_widget_id_number( $id_base ); $args['_add'] = 'multi'; } else { $args['_add'] = 'single'; if ( $sidebar && 'wp_inactive_widgets' !== $sidebar ) { $is_disabled = true; } $id_base = $widget['id']; } $list_widget_controls_args = wp_list_widget_controls_dynamic_sidebar( array( 0 => $args, 1 => $widget['params'][0], ) ); $control_tpl = $this->get_widget_control( $list_widget_controls_args ); // The properties here are mapped to the Backbone Widget model. $available_widget = array_merge( $available_widget, array( 'temp_id' => isset( $args['_temp_id'] ) ? $args['_temp_id'] : null, 'is_multi' => $is_multi_widget, 'control_tpl' => $control_tpl, 'multi_number' => ( 'multi' === $args['_add'] ) ? $args['_multi_num'] : false, 'is_disabled' => $is_disabled, 'id_base' => $id_base, 'transport' => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh', 'width' => $wp_registered_widget_controls[ $widget['id'] ]['width'], 'height' => $wp_registered_widget_controls[ $widget['id'] ]['height'], 'is_wide' => $this->is_wide_widget( $widget['id'] ), ) ); $available_widgets[] = $available_widget; } return $available_widgets; } /** * Naturally orders available widgets by name. * * @since 3.9.0 * * @param array $widget_a The first widget to compare. * @param array $widget_b The second widget to compare. * @return int Reorder position for the current widget comparison. */ protected function _sort_name_callback( $widget_a, $widget_b ) { return strnatcasecmp( $widget_a['name'], $widget_b['name'] ); } /** * Retrieves the widget control markup. * * @since 3.9.0 * * @param array $args Widget control arguments. * @return string Widget control form HTML markup. */ public function get_widget_control( $args ) { $args[0]['before_form'] = '<div class="form">'; $args[0]['after_form'] = '</div><!-- .form -->'; $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; ob_start(); wp_widget_control( ...$args ); $control_tpl = ob_get_clean(); return $control_tpl; } /** * Retrieves the widget control markup parts. * * @since 4.4.0 * * @param array $args Widget control arguments. * @return array { * @type string $control Markup for widget control wrapping form. * @type string $content The contents of the widget form itself. * } */ public function get_widget_control_parts( $args ) { $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; $control_markup = $this->get_widget_control( $args ); $content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] ); $content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] ); $control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) ); $control .= substr( $control_markup, $content_end_pos ); $content = trim( substr( $control_markup, $content_start_pos + strlen( $args[0]['before_widget_content'] ), $content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] ) ) ); return compact( 'control', 'content' ); } /** * Adds hooks for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_init() { add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) ); add_action( 'wp_print_styles', array( $this, 'print_preview_css' ), 1 ); add_action( 'wp_footer', array( $this, 'export_preview_data' ), 20 ); } /** * Refreshes the nonce for widget updates. * * @since 4.2.0 * * @param array $nonces Array of nonces. * @return array Array of nonces. */ public function refresh_nonces( $nonces ) { $nonces['update-widget'] = wp_create_nonce( 'update-widget' ); return $nonces; } /** * Tells the script loader to load the scripts and styles of custom blocks * if the widgets block editor is enabled. * * @since 5.8.0 * * @param bool $is_block_editor_screen Current decision about loading block assets. * @return bool Filtered decision about loading block assets. */ public function should_load_block_editor_scripts_and_styles( $is_block_editor_screen ) { if ( wp_use_widgets_block_editor() ) { return true; } return $is_block_editor_screen; } /** * When previewing, ensures the proper previewing widgets are used. * * Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via * wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets` * to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview * filter is added, it has to be reset after the filter has been added. * * @since 3.9.0 * * @param array $sidebars_widgets List of widgets for the current sidebar. * @return array */ public function preview_sidebars_widgets( $sidebars_widgets ) { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); unset( $sidebars_widgets['array_version'] ); return $sidebars_widgets; } /** * Enqueues scripts for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_enqueue() { wp_enqueue_script( 'customize-preview-widgets' ); } /** * Inserts default style for highlighted widget at early point so theme * stylesheet can override. * * @since 3.9.0 */ public function print_preview_css() { ?> <style> .widget-customizer-highlighted-widget { outline: none; -webkit-box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); position: relative; z-index: 1; } </style> <?php } /** * Communicates the sidebars that appeared on the page at the very end of the page, * and at the very end of the wp_footer, * * @since 3.9.0 * * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function export_preview_data() { global $wp_registered_sidebars, $wp_registered_widgets; $switched_locale = switch_to_user_locale( get_current_user_id() ); $l10n = array( 'widgetTooltip' => __( 'Shift-click to edit this widget.' ), ); if ( $switched_locale ) { restore_previous_locale(); } $rendered_sidebars = array_filter( $this->rendered_sidebars ); $rendered_widgets = array_filter( $this->rendered_widgets ); // Prepare Customizer settings to pass to JavaScript. $settings = array( 'renderedSidebars' => array_fill_keys( array_keys( $rendered_sidebars ), true ), 'renderedWidgets' => array_fill_keys( array_keys( $rendered_widgets ), true ), 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'l10n' => $l10n, 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } wp_print_inline_script_tag( sprintf( 'var _wpWidgetCustomizerPreviewSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Tracks the widgets that were rendered. * * @since 3.9.0 * * @param array $widget Rendered widget to tally. */ public function tally_rendered_widgets( $widget ) { $this->rendered_widgets[ $widget['id'] ] = true; } /** * Determine if a widget is rendered on the page. * * @since 4.0.0 * * @param string $widget_id Widget ID to check. * @return bool Whether the widget is rendered. */ public function is_widget_rendered( $widget_id ) { return ! empty( $this->rendered_widgets[ $widget_id ] ); } /** * Determines if a sidebar is rendered on the page. * * @since 4.0.0 * * @param string $sidebar_id Sidebar ID to check. * @return bool Whether the sidebar is rendered. */ public function is_sidebar_rendered( $sidebar_id ) { return ! empty( $this->rendered_sidebars[ $sidebar_id ] ); } /** * Tallies the sidebars rendered via is_active_sidebar(). * * Keep track of the times that is_active_sidebar() is called in the template, * and assume that this means that the sidebar would be rendered on the template * if there were widgets populating it. * * @since 3.9.0 * * @param bool $is_active Whether the sidebar is active. * @param string $sidebar_id Sidebar ID. * @return bool Whether the sidebar is active. */ public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'dynamic_sidebar_has_widgets' if we want to ensure that there * is an area to drop widgets into, if the sidebar is empty. */ return $is_active; } /** * Tallies the sidebars rendered via dynamic_sidebar(). * * Keep track of the times that dynamic_sidebar() is called in the template, * and assume this means the sidebar would be rendered on the template if * there were widgets populating it. * * @since 3.9.0 * * @param bool $has_widgets Whether the current sidebar has widgets. * @param string $sidebar_id Sidebar ID. * @return bool Whether the current sidebar has widgets. */ public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'is_active_sidebar' if we want to ensure there is an area to * drop widgets into, if the sidebar is empty. */ return $has_widgets; } /** * Retrieves MAC for a serialized widget instance string. * * Allows values posted back from JS to be rejected if any tampering of the * data has occurred. * * @since 3.9.0 * * @param string $serialized_instance Widget instance. * @return string MAC for serialized widget instance. */ protected function get_instance_hash_key( $serialized_instance ) { return wp_hash( $serialized_instance ); } /** * Sanitizes a widget instance. * * Unserialize the JS-instance for storing in the options. It's important that this filter * only get applied to an instance *once*. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to sanitize. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array|void Sanitized widget instance. */ public function sanitize_widget_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( array() === $value ) { return $value; } if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) { /* * The content of the 'block' widget is not filtered on the fly while editing. * Filter the content here to prevent vulnerabilities. */ $value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] ); } return $value['raw_instance']; } } if ( empty( $value['is_widget_customizer_js_value'] ) || empty( $value['instance_hash_key'] ) || empty( $value['encoded_serialized_instance'] ) ) { return; } $decoded = base64_decode( $value['encoded_serialized_instance'], true ); if ( false === $decoded ) { return; } if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) { return; } $instance = unserialize( $decoded ); if ( false === $instance ) { return; } return $instance; } /** * Converts a widget instance into JSON-representable format. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to convert to JSON. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array JSON-converted widget instance. */ public function sanitize_widget_js_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( empty( $value['is_widget_customizer_js_value'] ) ) { $serialized = serialize( $value ); $js_value = array( 'encoded_serialized_instance' => base64_encode( $serialized ), 'title' => empty( $value['title'] ) ? '' : $value['title'], 'is_widget_customizer_js_value' => true, 'instance_hash_key' => $this->get_instance_hash_key( $serialized ), ); if ( $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { $js_value['raw_instance'] = (object) $value; } } return $js_value; } return $value; } /** * Strips out widget IDs for widgets which are no longer registered. * * One example where this might happen is when a plugin orphans a widget * in a sidebar upon deactivation. * * @since 3.9.0 * * @global array $wp_registered_widgets * * @param array $widget_ids List of widget IDs. * @return array Parsed list of widget IDs. */ public function sanitize_sidebar_widgets_js_instance( $widget_ids ) { global $wp_registered_widgets; $widget_ids = array_values( array_intersect( $widget_ids, array_keys( $wp_registered_widgets ) ) ); return $widget_ids; } /** * Finds and invokes the widget update and control callbacks. * * Requires that `$_POST` be populated with the instance data. * * @since 3.9.0 * * @global array $wp_registered_widget_updates * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return array|WP_Error Array containing the updated widget information. * A WP_Error object, otherwise. */ public function call_widget_update( $widget_id ) { global $wp_registered_widget_updates, $wp_registered_widget_controls; $setting_id = $this->get_setting_id( $widget_id ); /* * Make sure that other setting changes have previewed since this widget * may depend on them (e.g. Menus being present for Navigation Menu widget). */ if ( ! did_action( 'customize_preview_init' ) ) { foreach ( $this->manager->settings() as $setting ) { if ( $setting->id !== $setting_id ) { $setting->preview(); } } } $this->start_capturing_option_updates(); $parsed_id = $this->parse_widget_id( $widget_id ); $option_name = 'widget_' . $parsed_id['id_base']; /* * If a previously-sanitized instance is provided, populate the input vars * with its values so that the widget update callback will read this instance */ $added_input_vars = array(); if ( ! empty( $_POST['sanitized_widget_setting'] ) ) { $sanitized_widget_setting = json_decode( $this->get_post_value( 'sanitized_widget_setting' ), true ); if ( false === $sanitized_widget_setting ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_malformed' ); } $instance = $this->sanitize_widget_instance( $sanitized_widget_setting, $parsed_id['id_base'] ); if ( is_null( $instance ) ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unsanitized' ); } if ( ! is_null( $parsed_id['number'] ) ) { $value = array(); $value[ $parsed_id['number'] ] = $instance; $key = 'widget-' . $parsed_id['id_base']; $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } else { foreach ( $instance as $key => $value ) { $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } } } // Invoke the widget update callback. foreach ( (array) $wp_registered_widget_updates as $name => $control ) { if ( $name === $parsed_id['id_base'] && is_callable( $control['callback'] ) ) { ob_start(); call_user_func_array( $control['callback'], $control['params'] ); ob_end_clean(); break; } } // Clean up any input vars that were manually added. foreach ( $added_input_vars as $key ) { unset( $_POST[ $key ] ); unset( $_REQUEST[ $key ] ); } // Make sure the expected option was updated. if ( 0 !== $this->count_captured_options() ) { if ( $this->count_captured_options() > 1 ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_too_many_options' ); } $updated_option_name = key( $this->get_captured_options() ); if ( $updated_option_name !== $option_name ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unexpected_option' ); } } // Obtain the widget instance. $option = $this->get_captured_option( $option_name ); if ( null !== $parsed_id['number'] ) { $instance = $option[ $parsed_id['number'] ]; } else { $instance = $option; } /* * Override the incoming $_POST['customized'] for a newly-created widget's * setting with the new $instance so that the preview filter currently * in place from WP_Customize_Setting::preview() will use this value * instead of the default widget instance value (an empty array). */ $this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance, $parsed_id['id_base'] ) ); // Obtain the widget control with the updated instance in place. ob_start(); $form = $wp_registered_widget_controls[ $widget_id ]; if ( $form ) { call_user_func_array( $form['callback'], $form['params'] ); } $form = ob_get_clean(); $this->stop_capturing_option_updates(); return compact( 'instance', 'form' ); } /** * Updates widget settings asynchronously. * * Allows the Customizer to update a widget using its form, but return the new * instance info via Ajax instead of saving it to the options table. * * Most code here copied from wp_ajax_save_widget(). * * @since 3.9.0 * * @see wp_ajax_save_widget() */ public function wp_ajax_update_widget() { if ( ! is_user_logged_in() ) { wp_die( 0 ); } check_ajax_referer( 'update-widget', 'nonce' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } if ( empty( $_POST['widget-id'] ) ) { wp_send_json_error( 'missing_widget-id' ); } /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $widget_id = $this->get_post_value( 'widget-id' ); $parsed_id = $this->parse_widget_id( $widget_id ); $id_base = $parsed_id['id_base']; $is_updating_widget_template = ( isset( $_POST[ 'widget-' . $id_base ] ) && is_array( $_POST[ 'widget-' . $id_base ] ) && preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) ) ); if ( $is_updating_widget_template ) { wp_send_json_error( 'template_widget_not_updatable' ); } $updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form} if ( is_wp_error( $updated_widget ) ) { wp_send_json_error( $updated_widget->get_error_code() ); } $form = $updated_widget['form']; $instance = $this->sanitize_widget_js_instance( $updated_widget['instance'], $id_base ); wp_send_json_success( compact( 'form', 'instance' ) ); } /* * Selective Refresh Methods */ /** * Filters arguments for dynamic widget partials. * * @since 4.5.0 * * @param array|false $partial_args Partial arguments. * @param string $partial_id Partial ID. * @return array (Maybe) modified partial arguments. */ public function customize_dynamic_partial_args( $partial_args, $partial_id ) { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return $partial_args; } if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) { if ( false === $partial_args ) { $partial_args = array(); } $partial_args = array_merge( $partial_args, array( 'type' => 'widget', 'render_callback' => array( $this, 'render_widget_partial' ), 'container_inclusive' => true, 'settings' => array( $this->get_setting_id( $matches['widget_id'] ) ), 'capability' => 'edit_theme_options', ) ); } return $partial_args; } /** * Adds hooks for selective refresh. * * @since 4.5.0 */ public function selective_refresh_init() { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return; } add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) ); add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) ); add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) ); add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) ); } /** * Inject selective refresh data attributes into widget container elements. * * @since 4.5.0 * * @see WP_Customize_Nav_Menus::filter_wp_nav_menu_args() * * @param array $params { * Dynamic sidebar params. * * @type array $args Sidebar args. * @type array $widget_args Widget args. * } * @return array Params. */ public function filter_dynamic_sidebar_params( $params ) { $sidebar_args = array_merge( array( 'before_widget' => '', 'after_widget' => '', ), $params[0] ); // Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to. $matches = array(); $is_valid = ( isset( $sidebar_args['id'] ) && is_registered_sidebar( $sidebar_args['id'] ) && ( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] ) && preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches ) ); if ( ! $is_valid ) { return $params; } $this->before_widget_tags_seen[ $matches['tag_name'] ] = true; $context = array( 'sidebar_id' => $sidebar_args['id'], ); if ( isset( $this->context_sidebar_instance_number ) ) { $context['sidebar_instance_number'] = $this->context_sidebar_instance_number; } elseif ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) { $context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ]; } $attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) ); $attributes .= ' data-customize-partial-type="widget"'; $attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) ); $attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) ); $sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] ); $params[0] = $sidebar_args; return $params; } /** * List of the tag names seen for before_widget strings. * * This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the * data-* attributes can be allowed. * * @since 4.5.0 * @var array */ protected $before_widget_tags_seen = array(); /** * Ensures the HTML data-* attributes for selective refresh are allowed by kses. * * This is needed in case the `$before_widget` is run through wp_kses() when printed. * * @since 4.5.0 * * @param array $allowed_html Allowed HTML. * @return array (Maybe) modified allowed HTML. */ public function filter_wp_kses_allowed_data_attributes( $allowed_html ) { foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) { if ( ! isset( $allowed_html[ $tag_name ] ) ) { $allowed_html[ $tag_name ] = array(); } $allowed_html[ $tag_name ] = array_merge( $allowed_html[ $tag_name ], array_fill_keys( array( 'data-customize-partial-id', 'data-customize-partial-type', 'data-customize-partial-placement-context', 'data-customize-partial-widget-id', 'data-customize-partial-options', ), true ) ); } return $allowed_html; } /** * Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index. * * This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template. * * @since 4.5.0 * @var array */ protected $sidebar_instance_count = array(); /** * The current request's sidebar_instance_number context. * * @since 4.5.0 * @var int|null */ protected $context_sidebar_instance_number; /** * Current sidebar ID being rendered. * * @since 4.5.0 * @var array */ protected $current_dynamic_sidebar_id_stack = array(); /** * Begins keeping track of the current sidebar being rendered. * * Insert marker before widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function start_dynamic_sidebar( $index ) { array_unshift( $this->current_dynamic_sidebar_id_stack, $index ); if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) { $this->sidebar_instance_count[ $index ] = 0; } $this->sidebar_instance_count[ $index ] += 1; if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Finishes keeping track of the current sidebar being rendered. * * Inserts a marker after widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function end_dynamic_sidebar( $index ) { array_shift( $this->current_dynamic_sidebar_id_stack ); if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Current sidebar being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_widget_id; /** * Current widget being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_sidebar_id; /** * Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar. * * @since 4.5.0 * * @param array $sidebars_widgets Sidebars widgets. * @return array Filtered sidebars widgets. */ public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) { $sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id ); return $sidebars_widgets; } /** * Renders a specific widget using the supplied sidebar arguments. * * @since 4.5.0 * * @see dynamic_sidebar() * * @param WP_Customize_Partial $partial Partial. * @param array $context { * Sidebar args supplied as container context. * * @type string $sidebar_id ID for sidebar for widget to render into. * @type int $sidebar_instance_number Disambiguating instance number. * } * @return string|false */ public function render_widget_partial( $partial, $context ) { $id_data = $partial->id_data(); $widget_id = array_shift( $id_data['keys'] ); if ( ! is_array( $context ) || empty( $context['sidebar_id'] ) || ! is_registered_sidebar( $context['sidebar_id'] ) ) { return false; } $this->rendering_sidebar_id = $context['sidebar_id']; if ( isset( $context['sidebar_instance_number'] ) ) { $this->context_sidebar_instance_number = (int) $context['sidebar_instance_number']; } // Filter sidebars_widgets so that only the queried widget is in the sidebar. $this->rendering_widget_id = $widget_id; $filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' ); add_filter( 'sidebars_widgets', $filter_callback, 1000 ); // Render the widget. ob_start(); $this->rendering_sidebar_id = $context['sidebar_id']; dynamic_sidebar( $this->rendering_sidebar_id ); $container = ob_get_clean(); // Reset variables for next partial render. remove_filter( 'sidebars_widgets', $filter_callback, 1000 ); $this->context_sidebar_instance_number = null; $this->rendering_sidebar_id = null; $this->rendering_widget_id = null; return $container; } // // Option Update Capturing. // /** * List of captured widget option updates. * * @since 3.9.0 * @var array $_captured_options Values updated while option capture is happening. */ protected $_captured_options = array(); /** * Whether option capture is currently happening. * * @since 3.9.0 * @var bool $_is_current Whether option capture is currently happening or not. */ protected $_is_capturing_option_updates = false; /** * Determines whether the captured option update should be ignored. * * @since 3.9.0 * * @param string $option_name Option name. * @return bool Whether the option capture is ignored. */ protected function is_option_capture_ignored( $option_name ) { return ( str_starts_with( $option_name, '_transient_' ) ); } /** * Retrieves captured widget option updates. * * @since 3.9.0 * * @return array Array of captured options. */ protected function get_captured_options() { return $this->_captured_options; } /** * Retrieves the option that was captured from being saved. * * @since 4.2.0 * * @param string $option_name Option name. * @param mixed $default_value Optional. Default value to return if the option does not exist. Default false. * @return mixed Value set for the option. */ protected function get_captured_option( $option_name, $default_value = false ) { if ( array_key_exists( $option_name, $this->_captured_options ) ) { $value = $this->_captured_options[ $option_name ]; } else { $value = $default_value; } return $value; } /** * Retrieves the number of captured widget option updates. * * @since 3.9.0 * * @return int Number of updated options. */ protected function count_captured_options() { return count( $this->_captured_options ); } /** * Begins keeping track of changes to widget options, caching new values. * * @since 3.9.0 */ protected function start_capturing_option_updates() { if ( $this->_is_capturing_option_updates ) { return; } $this->_is_capturing_option_updates = true; add_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 ); } /** * Pre-filters captured option values before updating. * * @since 3.9.0 * * @param mixed $new_value The new option value. * @param string $option_name Name of the option. * @param mixed $old_value The old option value. * @return mixed Filtered option value. */ public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) { if ( $this->is_option_capture_ignored( $option_name ) ) { return $new_value; } if ( ! isset( $this->_captured_options[ $option_name ] ) ) { add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options[ $option_name ] = $new_value; return $old_value; } /** * Pre-filters captured option values before retrieving. * * @since 3.9.0 * * @param mixed $value Value to return instead of the option value. * @return mixed Filtered option value. */ public function capture_filter_pre_get_option( $value ) { $option_name = preg_replace( '/^pre_option_/', '', current_filter() ); if ( isset( $this->_captured_options[ $option_name ] ) ) { $value = $this->_captured_options[ $option_name ]; /** This filter is documented in wp-includes/option.php */ $value = apply_filters( 'option_' . $option_name, $value, $option_name ); } return $value; } /** * Undoes any changes to the options since options capture began. * * @since 3.9.0 */ protected function stop_capturing_option_updates() { if ( ! $this->_is_capturing_option_updates ) { return; } remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 ); foreach ( array_keys( $this->_captured_options ) as $option_name ) { remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options = array(); $this->_is_capturing_option_updates = false; } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function setup_widget_addition_previews() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_sidebars_widgets() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_widget_instance() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function remove_prepreview_filters() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } } HTTP/shortcode.php 0000666 00000001337 15226703613 0010043 0 ustar 00 <?php /** * Server-side rendering of the `core/shortcode` block. * * @package WordPress */ /** * Performs wpautop() on the shortcode block content. * * @since 5.0.0 * * @param array $attributes The block attributes. * @param string $content The block content. * * @return string Returns the block content. */ function render_block_core_shortcode( $attributes, $content ) { return wpautop( $content ); } /** * Registers the `core/shortcode` block on server. * * @since 5.0.0 */ function register_block_core_shortcode() { register_block_type_from_metadata( __DIR__ . '/shortcode', array( 'render_callback' => 'render_block_core_shortcode', ) ); } add_action( 'init', 'register_block_core_shortcode' ); HTTP/https-migration-20260605201854-20260610212821.php 0000666 00000011205 15226703613 0014141 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605090843-20260608130104.php 0000666 00000011205 15226703613 0014145 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605133511.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605092359-20260609073556.php 0000666 00000011205 15226703613 0014173 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605144252.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605092254.php 0000666 00000013341 15226703613 0012555 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260607055326-20260609131321.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606042302-20260608213153.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606145457-20260607042634.php 0000666 00000013341 15226703613 0014151 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606194024.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605211407.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606045104-20260606165700.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-parser.php 0000666 00000026374 15226703613 0012174 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser * * Parses a document and constructs a list of parsed block objects * * @since 5.0.0 * @since 4.0.0 returns arrays not objects, all attributes are arrays */ class WP_Block_Parser { /** * Input document being parsed * * @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->" * * @since 5.0.0 * @var string */ public $document; /** * Tracks parsing progress through document * * @since 5.0.0 * @var int */ public $offset; /** * List of parsed blocks * * @since 5.0.0 * @var array[] */ public $output; /** * Stack of partially-parsed structures in memory during parse * * @since 5.0.0 * @var WP_Block_Parser_Frame[] */ public $stack; /** * Parses a document and returns a list of block structures * * When encountering an invalid parse will return a best-effort * parse. In contrast to the specification parser this does not * return an error on invalid inputs. * * @since 5.0.0 * * @param string $document Input document being parsed. * @return array[] */ public function parse( $document ) { $this->document = $document; $this->offset = 0; $this->output = array(); $this->stack = array(); while ( $this->proceed() ) { continue; } return $this->output; } /** * Processes the next token from the input document * and returns whether to proceed eating more tokens * * This is the "next step" function that essentially * takes a token as its input and decides what to do * with that token before descending deeper into a * nested block tree or continuing along the document * or breaking out of a level of nesting. * * @internal * @since 5.0.0 * @return bool */ public function proceed() { $next_token = $this->next_token(); list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token; $stack_depth = count( $this->stack ); // we may have some HTML soup before the next block. $leading_html_start = $start_offset > $this->offset ? $this->offset : null; switch ( $token_type ) { case 'no-more-tokens': // if not in a block then flush output. if ( 0 === $stack_depth ) { $this->add_freeform(); return false; } /* * Otherwise we have a problem * This is an error * * we have options * - treat it all as freeform text * - assume an implicit closer (easiest when not nesting) */ // for the easy case we'll assume an implicit closer. if ( 1 === $stack_depth ) { $this->add_block_from_stack(); return false; } /* * for the nested case where it's more difficult we'll * have to assume that multiple closers are missing * and so we'll collapse the whole stack piecewise */ while ( 0 < count( $this->stack ) ) { $this->add_block_from_stack(); } return false; case 'void-block': /* * easy case is if we stumbled upon a void block * in the top-level of the document */ if ( 0 === $stack_depth ) { if ( isset( $leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $leading_html_start, $start_offset - $leading_html_start ) ); } $this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ); $this->offset = $start_offset + $token_length; return true; } // otherwise we found an inner block. $this->add_inner_block( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length ); $this->offset = $start_offset + $token_length; return true; case 'block-opener': // track all newly-opened blocks on the stack. array_push( $this->stack, new WP_Block_Parser_Frame( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length, $start_offset + $token_length, $leading_html_start ) ); $this->offset = $start_offset + $token_length; return true; case 'block-closer': /* * if we're missing an opener we're in trouble * This is an error */ if ( 0 === $stack_depth ) { /* * we have options * - assume an implicit opener * - assume _this_ is the opener * - give up and close out the document */ $this->add_freeform(); return false; } // if we're not nesting then this is easy - close the block. if ( 1 === $stack_depth ) { $this->add_block_from_stack( $start_offset ); $this->offset = $start_offset + $token_length; return true; } /* * otherwise we're nested and we have to close out the current * block and add it as a new innerBlock to the parent */ $stack_top = array_pop( $this->stack ); $html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset ); $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; $stack_top->prev_offset = $start_offset + $token_length; $this->add_inner_block( $stack_top->block, $stack_top->token_start, $stack_top->token_length, $start_offset + $token_length ); $this->offset = $start_offset + $token_length; return true; default: // This is an error. $this->add_freeform(); return false; } } /** * Scans the document from where we last left off * and finds the next valid token to parse if it exists * * Returns the type of the find: kind of find, block information, attributes * * @internal * @since 5.0.0 * @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments * @return array */ public function next_token() { $matches = null; /* * aye the magic * we're using a single RegExp to tokenize the block comment delimiters * we're also using a trick here because the only difference between a * block opener and a block closer is the leading `/` before `wp:` (and * a closer has no attributes). we can trap them both and process the * match back in PHP to see which one it was. */ $has_match = preg_match( '/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s', $this->document, $matches, PREG_OFFSET_CAPTURE, $this->offset ); // if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE. if ( false === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } // we have no more tokens. if ( 0 === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } list( $match, $started_at ) = $matches[0]; $length = strlen( $match ); $is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1]; $is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1]; $namespace = $matches['namespace']; $namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/'; $name = $namespace . $matches['name'][0]; $has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1]; /* * Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays * are associative arrays. If we use `array()` we get a JSON `[]` */ $attrs = $has_attrs ? json_decode( $matches['attrs'][0], /* as-associative */ true ) : array(); /* * This state isn't allowed * This is an error */ if ( $is_closer && ( $is_void || $has_attrs ) ) { // we can ignore them since they don't hurt anything. } if ( $is_void ) { return array( 'void-block', $name, $attrs, $started_at, $length ); } if ( $is_closer ) { return array( 'block-closer', $name, null, $started_at, $length ); } return array( 'block-opener', $name, $attrs, $started_at, $length ); } /** * Returns a new block object for freeform HTML * * @internal * @since 5.0.0 * * @param string $inner_html HTML content of block. * @return WP_Block_Parser_Block freeform block object. */ public function freeform( $inner_html ) { return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) ); } /** * Pushes a length of text from the input document * to the output list as a freeform block. * * @internal * @since 5.0.0 * @param null $length how many bytes of document text to output. */ public function add_freeform( $length = null ) { $length = $length ? $length : strlen( $this->document ) - $this->offset; if ( 0 === $length ) { return; } $this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) ); } /** * Given a block structure from memory pushes * a new block to the output list. * * @internal * @since 5.0.0 * @param WP_Block_Parser_Block $block The block to add to the output. * @param int $token_start Byte offset into the document where the first token for the block starts. * @param int $token_length Byte length of entire block from start of opening token to end of closing token. * @param int|null $last_offset Last byte offset into document if continuing form earlier output. */ public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) { $parent = $this->stack[ count( $this->stack ) - 1 ]; $parent->block->innerBlocks[] = (array) $block; $html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset ); if ( ! empty( $html ) ) { $parent->block->innerHTML .= $html; $parent->block->innerContent[] = $html; } $parent->block->innerContent[] = null; $parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length; } /** * Pushes the top block from the parsing stack to the output list. * * @internal * @since 5.0.0 * @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML. */ public function add_block_from_stack( $end_offset = null ) { $stack_top = array_pop( $this->stack ); $prev_offset = $stack_top->prev_offset; $html = isset( $end_offset ) ? substr( $this->document, $prev_offset, $end_offset - $prev_offset ) : substr( $this->document, $prev_offset ); if ( ! empty( $html ) ) { $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; } if ( isset( $stack_top->leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $stack_top->leading_html_start, $stack_top->token_start - $stack_top->leading_html_start ) ); } $this->output[] = (array) $stack_top->block; } } /** * WP_Block_Parser_Block class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-block.php'; /** * WP_Block_Parser_Frame class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-frame.php'; HTTP/https-detection-20260605174608-20260608123803.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/plugin-20260605074609.php 0000666 00000107225 15226703613 0010746 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/class.wp-scripts.php 0000666 00000000527 15226703613 0011270 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead. * * @deprecated 6.1.0 * @package WordPress */ _deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' ); /** WP_Scripts class */ require_once ABSPATH . WPINC . '/class-wp-scripts.php'; HTTP/https-migration-20260605183311-20260610035001.php 0000666 00000011205 15226703613 0014127 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605101413-20260607105958.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605135219.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170228-20260608001010.php 0000666 00000011205 15226703613 0014132 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605212351.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606210112-20260608150438.php 0000666 00000013341 15226703613 0014131 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260607133407-20260610094148.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605164101-20260610131213.php 0000666 00000011205 15226703613 0014125 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605140004-20260609010205.php 0000666 00000011205 15226703613 0014126 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606061114.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/functions.wp-scripts-20260605052020.php 0000666 00000035717 15226703613 0013557 0 ustar 00 <?php /** * Dependencies API: Scripts functions * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Initializes $wp_scripts if it has not been set. * * @since 4.2.0 * * @global WP_Scripts $wp_scripts * * @return WP_Scripts WP_Scripts instance. */ function wp_scripts() { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { $wp_scripts = new WP_Scripts(); } return $wp_scripts; } /** * Helper function to output a _doing_it_wrong message when applicable. * * @ignore * @since 4.2.0 * @since 5.5.0 Added the `$handle` parameter. * * @param string $function_name Function name. * @param string $handle Optional. Name of the script or stylesheet that was * registered or enqueued too early. Default empty. */ function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) { if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' ) || did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' ) ) { return; } $message = sprintf( /* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */ __( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ), '<code>wp_enqueue_scripts</code>', '<code>admin_enqueue_scripts</code>', '<code>login_enqueue_scripts</code>' ); if ( $handle ) { $message .= ' ' . sprintf( /* translators: %s: Name of the script or stylesheet. */ __( 'This notice was triggered by the %s handle.' ), '<code>' . $handle . '</code>' ); } _doing_it_wrong( $function_name, $message, '3.3.0' ); } /** * Prints scripts in document head that are in the $handles queue. * * Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load, * the function does not instantiate the WP_Scripts object unless script names are explicitly passed. * Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'} * hook to register/enqueue new scripts. * * @see WP_Scripts::do_item() * @since 2.1.0 * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'. * @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array. */ function wp_print_scripts( $handles = false ) { global $wp_scripts; /** * Fires before scripts in the $handles queue are printed. * * @since 2.1.0 */ do_action( 'wp_print_scripts' ); if ( '' === $handles ) { // For 'wp_head'. $handles = false; } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__ ); if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { if ( ! $handles ) { return array(); // No need to instantiate if nothing is there. } } return wp_scripts()->do_items( $handles ); } /** * Adds extra code to a registered script. * * Code will only be added if the script is already in the queue. * Accepts a string `$data` containing the code. If two or more code blocks * are added to the same script `$handle`, they will be printed in the order * they were added, i.e. the latter added code can redeclare the previous. * * @since 4.5.0 * * @see WP_Scripts::add_inline_script() * * @param string $handle Name of the script to add the inline script to. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script before the handle * or after. Default 'after'. * @return bool True on success, false on failure. */ function wp_add_inline_script( $handle, $data, $position = 'after' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); if ( false !== stripos( $data, '</script>' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: <script>, 2: wp_add_inline_script() */ __( 'Do not pass %1$s tags to %2$s.' ), '<code><script></code>', '<code>wp_add_inline_script()</code>' ), '4.5.0' ); $data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) ); } return wp_scripts()->add_inline_script( $handle, $data, $position ); } /** * Registers a new script. * * Registers a script to be enqueued later using the wp_enqueue_script() function. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * * @since 2.1.0 * @since 4.3.0 A return value was added. * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory. * If source is set to false, script is an alias of other scripts it depends on. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } * @return bool Whether the script has been registered. True on success, false on failure. */ function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) { if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); $registered = $wp_scripts->add( $handle, $src, $deps, $ver ); if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $handle, 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $handle, 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] ); } return $registered; } /** * Localizes a script. * * Works only if the script has already been registered. * * Accepts an associative array `$l10n` and creates a JavaScript object: * * "$object_name": { * key: value, * key: value, * ... * } * * @see WP_Scripts::localize() * @link https://core.trac.wordpress.org/ticket/11520 * * @since 2.2.0 * * @todo Documentation cleanup * * @param string $handle Script handle the data will be attached to. * @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable. * Example: '/[a-zA-Z0-9_]+/'. * @param array $l10n The data itself. The data can be either a single or multi-dimensional array. * @return bool True if the script was successfully localized, false otherwise. */ function wp_localize_script( $handle, $object_name, $l10n ) { $wp_scripts = wp_scripts(); return $wp_scripts->localize( $handle, $object_name, $l10n ); } /** * Sets translated strings for a script. * * Works only if the script has already been registered. * * @see WP_Scripts::set_translations() * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * * @param string $handle Script handle the textdomain will be attached to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was successfully localized, false otherwise. */ function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) { global $wp_scripts; if ( ! ( $wp_scripts instanceof WP_Scripts ) ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return false; } return $wp_scripts->set_translations( $handle, $domain, $path ); } /** * Removes a registered script. * * Note: there are intentional safeguards in place to prevent critical admin scripts, * such as jQuery core, from being unregistered. * * @see WP_Dependencies::remove() * * @since 2.1.0 * * @global string $pagenow The filename of the current screen. * * @param string $handle Name of the script to be removed. */ function wp_deregister_script( $handle ) { global $pagenow; _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); /** * Do not allow accidental or negligent de-registering of critical scripts in the admin. * Show minimal remorse if the correct hook is used. */ $current_filter = current_filter(); if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) || ( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter ) ) { $not_allowed = array( 'jquery', 'jquery-core', 'jquery-migrate', 'jquery-ui-core', 'jquery-ui-accordion', 'jquery-ui-autocomplete', 'jquery-ui-button', 'jquery-ui-datepicker', 'jquery-ui-dialog', 'jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-menu', 'jquery-ui-mouse', 'jquery-ui-position', 'jquery-ui-progressbar', 'jquery-ui-resizable', 'jquery-ui-selectable', 'jquery-ui-slider', 'jquery-ui-sortable', 'jquery-ui-spinner', 'jquery-ui-tabs', 'jquery-ui-tooltip', 'jquery-ui-widget', 'underscore', 'backbone', ); if ( in_array( $handle, $not_allowed, true ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: Script name, 2: wp_enqueue_scripts */ __( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ), "<code>$handle</code>", '<code>wp_enqueue_scripts</code>' ), '3.6.0' ); return; } } wp_scripts()->remove( $handle ); } /** * Enqueues a script. * * Registers the script if `$src` provided (does NOT overwrite), and enqueues it. * * @see WP_Dependencies::add() * @see WP_Dependencies::add_data() * @see WP_Dependencies::enqueue() * * @since 2.1.0 * @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array. * @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array. * * @param string $handle Name of the script. Should be unique. * @param string $src Full URL of the script, or path of the script relative to the WordPress root directory. * Default empty. * @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param array|bool $args { * Optional. An array of additional script loading strategies. Default empty array. * Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false. * * @type string $strategy Optional. If provided, may be either 'defer' or 'async'. * @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'. * @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'. * } */ function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_scripts = wp_scripts(); if ( $src || ! empty( $args ) ) { $_handle = explode( '?', $handle ); if ( ! is_array( $args ) ) { $args = array( 'in_footer' => (bool) $args, ); } if ( $src ) { $wp_scripts->add( $_handle[0], $src, $deps, $ver ); } if ( ! empty( $args['in_footer'] ) ) { $wp_scripts->add_data( $_handle[0], 'group', 1 ); } if ( ! empty( $args['strategy'] ) ) { $wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] ); } if ( ! empty( $args['fetchpriority'] ) ) { $wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] ); } } $wp_scripts->enqueue( $handle ); } /** * Removes a previously enqueued script. * * @see WP_Dependencies::dequeue() * * @since 3.1.0 * * @param string $handle Name of the script to be removed. */ function wp_dequeue_script( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_scripts()->dequeue( $handle ); } /** * Determines whether a script has been added to the queue. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * @since 3.5.0 'enqueued' added as an alias of the 'queue' list. * * @param string $handle Name of the script. * @param string $status Optional. Status of the script to check. Default 'enqueued'. * Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'. * @return bool Whether the script is queued. */ function wp_script_is( $handle, $status = 'enqueued' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return (bool) wp_scripts()->query( $handle, $status ); } /** * Adds metadata to a script. * * Works only if the script has already been registered. * * Possible values for $key and $value: * 'strategy' string 'defer' or 'async'. * * @since 4.2.0 * @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'. * * @see WP_Dependencies::add_data() * * @param string $handle Name of the script. * @param string $key Name of data point for which we're storing a value. * @param mixed $value String containing the data to be added. * @return bool True on success, false on failure. */ function wp_script_add_data( $handle, $key, $value ) { return wp_scripts()->add_data( $handle, $key, $value ); } HTTP/https-detection-20260606165331-20260615113950.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration.php 0000666 00000011205 15226703613 0011175 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074155-20260607010315.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607003752-20260615075417.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606000529.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/shortcode-20260608000914.php 0000666 00000001337 15226703613 0011426 0 ustar 00 <?php /** * Server-side rendering of the `core/shortcode` block. * * @package WordPress */ /** * Performs wpautop() on the shortcode block content. * * @since 5.0.0 * * @param array $attributes The block attributes. * @param string $content The block content. * * @return string Returns the block content. */ function render_block_core_shortcode( $attributes, $content ) { return wpautop( $content ); } /** * Registers the `core/shortcode` block on server. * * @since 5.0.0 */ function register_block_core_shortcode() { register_block_type_from_metadata( __DIR__ . '/shortcode', array( 'render_callback' => 'render_block_core_shortcode', ) ); } add_action( 'init', 'register_block_core_shortcode' ); HTTP/https-detection-20260606083053-20260606231520.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605133523-20260609105944.php 0000666 00000013341 15226703613 0014145 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605102620.php 0000666 00000011205 15226703613 0012552 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/RawTextResponse-20260605042403.php 0000666 00000004027 15226703613 0012544 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response for rax text * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class RawTextResponse implements Response { /** * @var string */ private $raw_text; /** * @var string */ private $permanent_url; /** * @var array<non-empty-array<string>> */ private $headers = []; /** * @var string */ private $requested_url; public function __construct(string $raw_text, string $filepath) { $this->raw_text = $raw_text; $this->permanent_url = $filepath; $this->requested_url = $filepath; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return 200; } public function get_headers(): array { return $this->headers; } public function has_header(string $name): bool { return isset($this->headers[strtolower($name)]); } public function get_header(string $name): array { return isset($this->headers[strtolower($name)]) ? $this->headers[$name] : []; } public function with_header(string $name, $value) { $new = clone $this; $newHeader = [ strtolower($name) => (array) $value, ]; $new->headers = $newHeader + $this->headers; return $new; } public function get_header_line(string $name): string { return isset($this->headers[strtolower($name)]) ? implode(", ", $this->headers[$name]) : ''; } public function get_body_content(): string { return $this->raw_text; } } HTTP/https-detection-20260605172057.php 0000666 00000013341 15226703613 0012555 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605171653.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606000940.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606022324-20260610164349.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605100700-20260606174200.php 0000666 00000011205 15226703613 0014130 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605172218.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606105339-20260608140848.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605183333-20260607181030.php 0000666 00000011205 15226703613 0014145 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606082933-20260608034814.php 0000666 00000011205 15226703613 0014162 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606002332-20260608231338.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260607114002-20260609045807.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605032501.php 0000666 00000011205 15226703613 0012552 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605234000-20260610112355.php 0000666 00000013341 15226703613 0014117 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605165327.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605164841-20260607230312.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606002414-20260609024801.php 0000666 00000011205 15226703613 0014140 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606042005-20260607220412.php 0000666 00000011205 15226703613 0014132 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Response-20260605010441-copy.php 0000666 00000015435 15226703613 0012177 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-FileCopyrightText: 2014 PHP Framework Interoperability Group // SPDX-License-Identifier: MIT declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response interface * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ interface Response { /** * Return the string representation of the permanent URI of the requested resource * (the first location after a prefix of (only) permanent redirects). * * Depending on which components of the URI are present, the resulting * string is either a full URI or relative reference according to RFC 3986, * Section 4.1. The method concatenates the various components of the URI, * using the appropriate delimiters: * * - If a scheme is present, it MUST be suffixed by ":". * - If an authority is present, it MUST be prefixed by "//". * - The path can be concatenated without delimiters. But there are two * cases where the path has to be adjusted to make the URI reference * valid as PHP does not allow to throw an exception in __toString(): * - If the path is rootless and an authority is present, the path MUST * be prefixed by "/". * - If the path is starting with more than one "/" and no authority is * present, the starting slashes MUST be reduced to one. * - If a query is present, it MUST be prefixed by "?". * - If a fragment is present, it MUST be prefixed by "#". * * @see http://tools.ietf.org/html/rfc3986#section-4.1 */ public function get_permanent_uri(): string; /** * Return the string representation of the final requested URL after following all redirects. * * Depending on which components of the URI are present, the resulting * string is either a full URI or relative reference according to RFC 3986, * Section 4.1. The method concatenates the various components of the URI, * using the appropriate delimiters: * * - If a scheme is present, it MUST be suffixed by ":". * - If an authority is present, it MUST be prefixed by "//". * - The path can be concatenated without delimiters. But there are two * cases where the path has to be adjusted to make the URI reference * valid as PHP does not allow to throw an exception in __toString(): * - If the path is rootless and an authority is present, the path MUST * be prefixed by "/". * - If the path is starting with more than one "/" and no authority is * present, the starting slashes MUST be reduced to one. * - If a query is present, it MUST be prefixed by "?". * - If a fragment is present, it MUST be prefixed by "#". * * @see http://tools.ietf.org/html/rfc3986#section-4.1 */ public function get_final_requested_uri(): string; /** * Gets the response status code. * * The status code is a 3-digit integer result code of the server's attempt * to understand and satisfy the request. * * @return int Status code. */ public function get_status_code(): int; /** * Retrieves all message header values. * * The keys represent the header name as it will be sent over the wire, and * each value is an array of strings associated with the header. * * // Represent the headers as a string * foreach ($message->get_headers() as $name => $values) { * echo $name . ': ' . implode(', ', $values); * } * * // Emit headers iteratively: * foreach ($message->get_headers() as $name => $values) { * foreach ($values as $value) { * header(sprintf('%s: %s', $name, $value), false); * } * } * * @return array<non-empty-array<string>> Returns an associative array of the message's headers. * Each key MUST be a header name, and each value MUST be an array of * strings for that header. */ public function get_headers(): array; /** * Checks if a header exists by the given case-insensitive name. * * @param string $name Case-insensitive header field name. * @return bool Returns true if any header names match the given header * name using a case-insensitive string comparison. Returns false if * no matching header name is found in the message. */ public function has_header(string $name): bool; /** * Retrieves a message header value by the given case-insensitive name. * * This method returns an array of all the header values of the given * case-insensitive header name. * * If the header does not appear in the message, this method MUST return an * empty array. * * @param string $name Case-insensitive header field name. * @return string[] An array of string values as provided for the given * header. If the header does not appear in the message, this method MUST * return an empty array. */ public function get_header(string $name): array; /** * Return an instance with the provided value replacing the specified header. * * This method MUST be implemented in such a way as to retain the * immutability of the message, and MUST return an instance that has the * new and/or updated header and value. * * @param string $name Case-insensitive header field name. * @param string|non-empty-array<string> $value Header value(s). * @return static * @throws \InvalidArgumentException for invalid header names or values. */ public function with_header(string $name, $value); /** * Retrieves a comma-separated string of the values for a single header. * * This method returns all of the header values of the given * case-insensitive header name as a string concatenated together using * a comma. * * NOTE: Not all header values may be appropriately represented using * comma concatenation. For such headers, use getHeader() instead * and supply your own delimiter when concatenating. * * If the header does not appear in the message, this method MUST return * an empty string. * * @param string $name Case-insensitive header field name. * @return string A string of values as provided for the given header * concatenated together using a comma. If the header does not appear in * the message, this method MUST return an empty string. */ public function get_header_line(string $name): string; /** * get the body as string * * @return string */ public function get_body_content(): string; } HTTP/https-migration-20260605114100-20260607022435.php 0000666 00000011205 15226703613 0014132 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605125244-20260608064556.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606052425.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605171925-20260607070557.php 0000666 00000011205 15226703613 0014164 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/widgets.php 0000666 00000212731 15226703613 0007521 0 ustar 00 <?php /** * Core Widgets API * * This API is used for creating dynamic sidebar without hardcoding functionality into * themes. * * Includes both internal WordPress routines and theme-use routines. * * This functionality was found in a plugin before the WordPress 2.2 release, which * included it in the core from that point on. * * @link https://wordpress.org/documentation/article/manage-wordpress-widgets/ * @link https://developer.wordpress.org/themes/functionality/widgets/ * * @package WordPress * @subpackage Widgets * @since 2.2.0 */ // // Global Variables. // /** @ignore */ global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; /** * Stores the sidebars, since many themes can have more than one. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. */ $wp_registered_sidebars = array(); /** * Stores the registered widgets. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. */ $wp_registered_widgets = array(); /** * Stores the registered widget controls (options). * * @since 2.2.0 * * @global array $wp_registered_widget_controls The registered widget controls. */ $wp_registered_widget_controls = array(); /** * Stores the registered widget updates. * * @since 2.8.0 * * @global array $wp_registered_widget_updates The registered widget updates. */ $wp_registered_widget_updates = array(); /** * Private * * @global array $_wp_sidebars_widgets */ $_wp_sidebars_widgets = array(); /** * Private * * @global array $_wp_deprecated_widgets_callbacks */ $GLOBALS['_wp_deprecated_widgets_callbacks'] = array( 'wp_widget_pages', 'wp_widget_pages_control', 'wp_widget_calendar', 'wp_widget_calendar_control', 'wp_widget_archives', 'wp_widget_archives_control', 'wp_widget_links', 'wp_widget_meta', 'wp_widget_meta_control', 'wp_widget_search', 'wp_widget_recent_entries', 'wp_widget_recent_entries_control', 'wp_widget_tag_cloud', 'wp_widget_tag_cloud_control', 'wp_widget_categories', 'wp_widget_categories_control', 'wp_widget_text', 'wp_widget_text_control', 'wp_widget_rss', 'wp_widget_rss_control', 'wp_widget_recent_comments', 'wp_widget_recent_comments_control', ); // // Template tags & API functions. // /** * Registers a widget. * * Registers a WP_Widget widget * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function register_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->register( $widget ); } /** * Unregisters a widget. * * Unregisters a WP_Widget widget. Useful for un-registering default widgets. * Run within a function hooked to the {@see 'widgets_init'} action. * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function unregister_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->unregister( $widget ); } /** * Creates multiple sidebars. * * If you wanted to quickly create multiple sidebars for a theme or internally. * This function will allow you to do so. If you don't pass the 'name' and/or * 'id' in `$args`, then they will be built for you. * * @since 2.2.0 * * @see register_sidebar() The second parameter is documented by register_sidebar() and is the same here. * * @global array $wp_registered_sidebars The new sidebars are stored in this array by sidebar ID. * * @param int $number Optional. Number of sidebars to create. Default 1. * @param array|string $args { * Optional. Array or string of arguments for building a sidebar. * * @type string $id The base string of the unique identifier for each sidebar. If provided, and multiple * sidebars are being defined, the ID will have "-2" appended, and so on. * Default 'sidebar-' followed by the number the sidebar creation is currently at. * @type string $name The name or title for the sidebars displayed in the admin dashboard. If registering * more than one sidebar, include '%d' in the string as a placeholder for the uniquely * assigned number for each sidebar. * Default 'Sidebar' for the first sidebar, otherwise 'Sidebar %d'. * } */ function register_sidebars( $number = 1, $args = array() ) { global $wp_registered_sidebars; $number = (int) $number; if ( is_string( $args ) ) { parse_str( $args, $args ); } for ( $i = 1; $i <= $number; $i++ ) { $_args = $args; if ( $number > 1 ) { if ( isset( $args['name'] ) ) { $_args['name'] = sprintf( $args['name'], $i ); } else { /* translators: %d: Sidebar number. */ $_args['name'] = sprintf( __( 'Sidebar %d' ), $i ); } } else { $_args['name'] = isset( $args['name'] ) ? $args['name'] : __( 'Sidebar' ); } /* * Custom specified ID's are suffixed if they exist already. * Automatically generated sidebar names need to be suffixed regardless starting at -0. */ if ( isset( $args['id'] ) ) { $_args['id'] = $args['id']; $n = 2; // Start at -2 for conflicting custom IDs. while ( is_registered_sidebar( $_args['id'] ) ) { $_args['id'] = $args['id'] . '-' . $n++; } } else { $n = count( $wp_registered_sidebars ); do { $_args['id'] = 'sidebar-' . ++$n; } while ( is_registered_sidebar( $_args['id'] ) ); } register_sidebar( $_args ); } } /** * Builds the definition for a single sidebar and returns the ID. * * Accepts either a string or an array and then parses that against a set * of default arguments for the new sidebar. WordPress will automatically * generate a sidebar ID and name based on the current number of registered * sidebars if those arguments are not included. * * When allowing for automatic generation of the name and ID parameters, keep * in mind that the incrementor for your sidebar can change over time depending * on what other plugins and themes are installed. * * If theme support for 'widgets' has not yet been added when this function is * called, it will be automatically enabled through the use of add_theme_support(). * * @since 2.2.0 * @since 5.6.0 Added the `before_sidebar` and `after_sidebar` arguments. * @since 5.9.0 Added the `show_in_rest` argument. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array|string $args { * Optional. Array or string of arguments for the sidebar being registered. * * @type string $name The name or title of the sidebar displayed in the Widgets * interface. Default 'Sidebar $instance'. * @type string $id The unique identifier by which the sidebar will be called. * Default 'sidebar-$instance'. * @type string $description Description of the sidebar, displayed in the Widgets interface. * Default empty string. * @type string $class Extra CSS class to assign to the sidebar in the Widgets interface. * Default empty. * @type string $before_widget HTML content to prepend to each widget's HTML output when assigned * to this sidebar. Receives the widget's ID attribute as `%1$s` * and class name as `%2$s`. Default is an opening list item element. * @type string $after_widget HTML content to append to each widget's HTML output when assigned * to this sidebar. Default is a closing list item element. * @type string $before_title HTML content to prepend to the sidebar title when displayed. * Default is an opening h2 element. * @type string $after_title HTML content to append to the sidebar title when displayed. * Default is a closing h2 element. * @type string $before_sidebar HTML content to prepend to the sidebar when displayed. * Receives the `$id` argument as `%1$s` and `$class` as `%2$s`. * Outputs after the {@see 'dynamic_sidebar_before'} action. * Default empty string. * @type string $after_sidebar HTML content to append to the sidebar when displayed. * Outputs before the {@see 'dynamic_sidebar_after'} action. * Default empty string. * @type bool $show_in_rest Whether to show this sidebar publicly in the REST API. * Defaults to only showing the sidebar to administrator users. * } * @return string Sidebar ID added to $wp_registered_sidebars global. */ function register_sidebar( $args = array() ) { global $wp_registered_sidebars; $i = count( $wp_registered_sidebars ) + 1; $id_is_empty = empty( $args['id'] ); $defaults = array( /* translators: %d: Sidebar number. */ 'name' => sprintf( __( 'Sidebar %d' ), $i ), 'id' => "sidebar-$i", 'description' => '', 'class' => '', 'before_widget' => '<li id="%1$s" class="widget %2$s">', 'after_widget' => "</li>\n", 'before_title' => '<h2 class="widgettitle">', 'after_title' => "</h2>\n", 'before_sidebar' => '', 'after_sidebar' => '', 'show_in_rest' => false, ); /** * Filters the sidebar default arguments. * * @since 5.3.0 * * @see register_sidebar() * * @param array $defaults The default sidebar arguments. */ $sidebar = wp_parse_args( $args, apply_filters( 'register_sidebar_defaults', $defaults ) ); if ( $id_is_empty ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: The 'id' argument, 2: Sidebar name, 3: Recommended 'id' value. */ __( 'No %1$s was set in the arguments array for the "%2$s" sidebar. Defaulting to "%3$s". Manually set the %1$s to "%3$s" to silence this notice and keep existing sidebar content.' ), '<code>id</code>', $sidebar['name'], $sidebar['id'] ), '4.2.0' ); } $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; add_theme_support( 'widgets' ); /** * Fires once a sidebar has been registered. * * @since 3.0.0 * * @param array $sidebar Parsed arguments for the registered sidebar. */ do_action( 'register_sidebar', $sidebar ); return $sidebar['id']; } /** * Removes a sidebar from the list. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. */ function unregister_sidebar( $sidebar_id ) { global $wp_registered_sidebars; unset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Checks if a sidebar is registered. * * @since 4.4.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. * @return bool True if the sidebar is registered, false otherwise. */ function is_registered_sidebar( $sidebar_id ) { global $wp_registered_sidebars; return isset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Registers an instance of a widget. * * The default widget option is 'classname' that can be overridden. * * The function can also be used to un-register widgets when `$output_callback` * parameter is an empty string. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * @since 5.8.0 Added show_instance_in_rest option. * * @global array $wp_registered_widgets Uses stored registered widgets. * @global array $wp_registered_widget_controls Stores the registered widget controls (options). * @global array $wp_registered_widget_updates The registered widget updates. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Widget ID. * @param string $name Widget display title. * @param callable $output_callback Run when widget is called. * @param array $options { * Optional. An array of supplementary widget options for the instance. * * @type string $classname Class name for the widget's HTML container. Default is a shortened * version of the output callback name. * @type string $description Widget description for display in the widget administration * panel and/or theme. * @type bool $show_instance_in_rest Whether to show the widget's instance settings in the REST API. * Only available for WP_Widget based widgets. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_sidebar_widget( $id, $name, $output_callback, $options = array(), ...$params ) { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); if ( empty( $output_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } $id_base = _get_widget_id_base( $id ); if ( in_array( $output_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $output_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } $defaults = array( 'classname' => $output_callback ); $options = wp_parse_args( $options, $defaults ); $widget = array( 'name' => $name, 'id' => $id, 'callback' => $output_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); if ( is_callable( $output_callback ) && ( ! isset( $wp_registered_widgets[ $id ] ) || did_action( 'widgets_init' ) ) ) { /** * Fires once for each registered widget. * * @since 3.0.0 * * @param array $widget An array of default widget arguments. */ do_action( 'wp_register_sidebar_widget', $widget ); $wp_registered_widgets[ $id ] = $widget; } } /** * Retrieves description for widget. * * When registering widgets, the options can also include 'description' that * describes the widget for display on the widget administration panel or * in the theme. * * @since 2.5.0 * * @global array $wp_registered_widgets The registered widgets. * * @param int|string $id Widget ID. * @return string|void Widget description, if available. */ function wp_widget_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_widgets; if ( isset( $wp_registered_widgets[ $id ]['description'] ) ) { return esc_html( $wp_registered_widgets[ $id ]['description'] ); } } /** * Retrieves description for a sidebar. * * When registering sidebars a 'description' parameter can be included that * describes the sidebar for display on the widget administration panel. * * @since 2.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id sidebar ID. * @return string|void Sidebar description, if available. */ function wp_sidebar_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_sidebars; if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) { return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' ); } } /** * Remove widget from sidebar. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_sidebar_widget( $id ) { /** * Fires just before a widget is removed from a sidebar. * * @since 3.0.0 * * @param int|string $id The widget ID. */ do_action( 'wp_unregister_sidebar_widget', $id ); wp_register_sidebar_widget( $id, '', '' ); wp_unregister_widget_control( $id ); } /** * Registers widget control callback for customizing options. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * @global array $wp_registered_widget_updates The registered widget updates. * @global array $wp_registered_widgets The registered widgets. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Sidebar ID. * @param string $name Sidebar display name. * @param callable $control_callback Run when sidebar is displayed. * @param array $options { * Optional. Array or string of control options. Default empty array. * * @type int $height Never used. Default 200. * @type int $width Width of the fully expanded control form (but try hard to use the default width). * Default 250. * @type int|string $id_base Required for multi-widgets, i.e widgets that allow multiple instances such as the * text widget. The widget ID will end up looking like `{$id_base}-{$unique_number}`. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_widget_control( $id, $name, $control_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls, $wp_registered_widget_updates, $wp_registered_widgets, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); $id_base = _get_widget_id_base( $id ); if ( empty( $control_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } if ( in_array( $control_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $control_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); // Height is never used. $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $control_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { return; } if ( isset( $widget['params'][0]['number'] ) ) { $widget['params'][0]['number'] = -1; } unset( $widget['width'], $widget['height'], $widget['name'], $widget['id'] ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the update callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_updates The registered widget updates. * * @param string $id_base The base ID of a widget created by extending WP_Widget. * @param callable $update_callback Update callback method for the widget. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_update_callback( $id_base, $update_callback, $options = array(), ...$params ) { global $wp_registered_widget_updates; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { if ( empty( $update_callback ) ) { unset( $wp_registered_widget_updates[ $id_base ] ); } return; } $widget = array( 'callback' => $update_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the form callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * * @param int|string $id Widget ID. * @param string $name Name attribute for the widget. * @param callable $form_callback Form callback. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_form_callback( $id, $name, $form_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls; $id = strtolower( $id ); if ( empty( $form_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $form_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; } /** * Removes control callback for widget. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_widget_control( $id ) { wp_register_widget_control( $id, '', '' ); } /** * Displays dynamic sidebar. * * By default this displays the default sidebar or 'sidebar-1'. If your theme specifies the 'id' or * 'name' parameter for its registered sidebars you can pass an ID or name as the $index parameter. * Otherwise, you can pass in a numerical index to display the sidebar at that index. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $wp_registered_widgets The registered widgets. * * @param int|string $index Optional. Index, name or ID of dynamic sidebar. Default 1. * @return bool True, if widget sidebar was found and called. False if not found or not called. */ function dynamic_sidebar( $index = 1 ) { global $wp_registered_sidebars, $wp_registered_widgets; if ( is_int( $index ) ) { $index = "sidebar-$index"; } else { $index = sanitize_title( $index ); foreach ( (array) $wp_registered_sidebars as $key => $value ) { if ( sanitize_title( $value['name'] ) === $index ) { $index = $key; break; } } } $sidebars_widgets = wp_get_sidebars_widgets(); if ( empty( $wp_registered_sidebars[ $index ] ) || empty( $sidebars_widgets[ $index ] ) || ! is_array( $sidebars_widgets[ $index ] ) ) { /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_before', $index, false ); /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_after', $index, false ); /** This filter is documented in wp-includes/widget.php */ return apply_filters( 'dynamic_sidebar_has_widgets', false, $index ); } $sidebar = $wp_registered_sidebars[ $index ]; $sidebar['before_sidebar'] = sprintf( $sidebar['before_sidebar'], $sidebar['id'], $sidebar['class'] ); /** * Fires before widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_before', $index, true ); if ( ! is_admin() && ! empty( $sidebar['before_sidebar'] ) ) { echo $sidebar['before_sidebar']; } $did_one = false; foreach ( (array) $sidebars_widgets[ $index ] as $id ) { if ( ! isset( $wp_registered_widgets[ $id ] ) ) { continue; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $id, 'widget_name' => $wp_registered_widgets[ $id ]['name'], ) ), ), (array) $wp_registered_widgets[ $id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], str_replace( '\\', '_', $id ), $classname_ ); /** * Filters the parameters passed to a widget's display callback. * * Note: The filter is evaluated on both the front end and back end, * including for the Inactive Widgets sidebar on the Widgets screen. * * @since 2.5.0 * * @see register_sidebar() * * @param array $params { * @type array $args { * An array of widget display arguments. * * @type string $name Name of the sidebar the widget is assigned to. * @type string $id ID of the sidebar the widget is assigned to. * @type string $description The sidebar description. * @type string $class CSS class applied to the sidebar container. * @type string $before_widget HTML markup to prepend to each widget in the sidebar. * @type string $after_widget HTML markup to append to each widget in the sidebar. * @type string $before_title HTML markup to prepend to the widget title when displayed. * @type string $after_title HTML markup to append to the widget title when displayed. * @type string $widget_id ID of the widget. * @type string $widget_name Name of the widget. * } * @type array $widget_args { * An array of multi-widget arguments. * * @type int $number Number increment used for multiples of the same widget. * } * } */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $id ]['callback']; /** * Fires before a widget's display callback is called. * * Note: The action fires on both the front end and back end, including * for widgets in the Inactive Widgets sidebar on the Widgets screen. * * The action is not fired for empty sidebars. * * @since 3.0.0 * * @param array $widget { * An associative array of widget arguments. * * @type string $name Name of the widget. * @type string $id Widget ID. * @type callable $callback When the hook is fired on the front end, `$callback` is an array * containing the widget object. Fired on the back end, `$callback` * is 'wp_widget_control', see `$_callback`. * @type array $params An associative array of multi-widget arguments. * @type string $classname CSS class applied to the widget container. * @type string $description The widget description. * @type array $_callback When the hook is fired on the back end, `$_callback` is populated * with an array containing the widget object, see `$callback`. * } */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); $did_one = true; } } if ( ! is_admin() && ! empty( $sidebar['after_sidebar'] ) ) { echo $sidebar['after_sidebar']; } /** * Fires after widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_after', $index, true ); /** * Filters whether a sidebar has widgets. * * Note: The filter is also evaluated for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param bool $did_one Whether at least one widget was rendered in the sidebar. * Default false. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'dynamic_sidebar_has_widgets', $did_one, $index ); } /** * Determines whether a given widget is displayed on the front end. * * Either $callback or $id_base can be used. * $id_base is the first argument when extending WP_Widget class. * Without the optional $widget_id parameter, returns the ID of the first sidebar * in which the first instance of the widget with the given callback or $id_base is found. * With the $widget_id parameter, returns the ID of the sidebar where * the widget with that callback/$id_base AND that ID is found. * * NOTE: $widget_id and $id_base are the same for single widgets. To be effective * this function has to run after widgets have initialized, at action {@see 'init'} or later. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * * @param callable|false $callback Optional. Widget callback to check. Default false. * @param string|false $widget_id Optional. Widget ID. Optional, but needed for checking. * Default false. * @param string|false $id_base Optional. The base ID of a widget created by extending WP_Widget. * Default false. * @param bool $skip_inactive Optional. Whether to check in 'wp_inactive_widgets'. * Default true. * @return string|false ID of the sidebar in which the widget is active, * false if the widget is not active. */ function is_active_widget( $callback = false, $widget_id = false, $id_base = false, $skip_inactive = true ) { global $wp_registered_widgets; $sidebars_widgets = wp_get_sidebars_widgets(); if ( is_array( $sidebars_widgets ) ) { foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( $skip_inactive && ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) ) { continue; } if ( is_array( $widgets ) ) { foreach ( $widgets as $widget ) { if ( ( $callback && isset( $wp_registered_widgets[ $widget ]['callback'] ) && $wp_registered_widgets[ $widget ]['callback'] === $callback ) || ( $id_base && _get_widget_id_base( $widget ) === $id_base ) ) { if ( ! $widget_id || $widget_id === $wp_registered_widgets[ $widget ]['id'] ) { return $sidebar; } } } } } } return false; } /** * Determines whether the dynamic sidebar is enabled and used by the theme. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @return bool True if using widgets, false otherwise. */ function is_dynamic_sidebar() { global $wp_registered_widgets, $wp_registered_sidebars; $sidebars_widgets = get_option( 'sidebars_widgets' ); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { if ( ! empty( $sidebars_widgets[ $index ] ) ) { foreach ( (array) $sidebars_widgets[ $index ] as $widget ) { if ( array_key_exists( $widget, $wp_registered_widgets ) ) { return true; } } } } return false; } /** * Determines whether a sidebar contains widgets. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * * @param string|int $index Sidebar name, id or number to check. * @return bool True if the sidebar has widgets, false otherwise. */ function is_active_sidebar( $index ) { $index = ( is_int( $index ) ) ? "sidebar-$index" : sanitize_title( $index ); $sidebars_widgets = wp_get_sidebars_widgets(); $is_active_sidebar = ! empty( $sidebars_widgets[ $index ] ); /** * Filters whether a dynamic sidebar is considered "active". * * @since 3.9.0 * * @param bool $is_active_sidebar Whether or not the sidebar should be considered "active". * In other words, whether the sidebar contains any widgets. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'is_active_sidebar', $is_active_sidebar, $index ); } // // Internal Functions. // /** * Retrieves the full list of sidebars and their widget instance IDs. * * Will upgrade sidebar widget list, if needed. Will also save updated list, if * needed. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @global array $sidebars_widgets * * @param bool $deprecated Not used (argument deprecated). * @return array Upgraded list of widgets to version 3 array format when called from the admin. */ function wp_get_sidebars_widgets( $deprecated = true ) { if ( true !== $deprecated ) { _deprecated_argument( __FUNCTION__, '2.8.1' ); } global $_wp_sidebars_widgets, $sidebars_widgets; /* * If loading from front page, consult $_wp_sidebars_widgets rather than options * to see if wp_convert_widget_settings() has made manipulations in memory. */ if ( ! is_admin() ) { if ( empty( $_wp_sidebars_widgets ) ) { $_wp_sidebars_widgets = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = $_wp_sidebars_widgets; } else { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); } if ( is_array( $sidebars_widgets ) && isset( $sidebars_widgets['array_version'] ) ) { unset( $sidebars_widgets['array_version'] ); } /** * Filters the list of sidebars and their widgets. * * @since 2.7.0 * * @param array $sidebars_widgets An associative array of sidebars and their widgets. */ return apply_filters( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves the registered sidebar with the given ID. * * @since 5.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id The sidebar ID. * @return array|null The discovered sidebar, or null if it is not registered. */ function wp_get_sidebar( $id ) { global $wp_registered_sidebars; foreach ( (array) $wp_registered_sidebars as $sidebar ) { if ( $sidebar['id'] === $id ) { return $sidebar; } } if ( 'wp_inactive_widgets' === $id ) { return array( 'id' => 'wp_inactive_widgets', 'name' => __( 'Inactive widgets' ), ); } return null; } /** * Sets the sidebar widget option to update sidebars. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @param array $sidebars_widgets Sidebar widgets and their settings. */ function wp_set_sidebars_widgets( $sidebars_widgets ) { global $_wp_sidebars_widgets; // Clear cached value used in wp_get_sidebars_widgets(). $_wp_sidebars_widgets = null; if ( ! isset( $sidebars_widgets['array_version'] ) ) { $sidebars_widgets['array_version'] = 3; } update_option( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves default registered sidebars list. * * @since 2.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. * * @return array */ function wp_get_widget_defaults() { global $wp_registered_sidebars; $defaults = array(); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { $defaults[ $index ] = array(); } return $defaults; } /** * Converts the widget settings from single to multi-widget format. * * @since 2.8.0 * * @global array $_wp_sidebars_widgets * * @param string $base_name Root ID for all widgets of this type. * @param string $option_name Option name for this widget type. * @param array $settings The array of widget instance settings. * @return array The array of widget settings converted to multi-widget format. */ function wp_convert_widget_settings( $base_name, $option_name, $settings ) { // This test may need expanding. $single = false; $changed = false; if ( empty( $settings ) ) { $single = true; } else { foreach ( array_keys( $settings ) as $number ) { if ( 'number' === $number ) { continue; } if ( ! is_numeric( $number ) ) { $single = true; break; } } } if ( $single ) { $settings = array( 2 => $settings ); // If loading from the front page, update sidebar in memory but don't save to options. if ( is_admin() ) { $sidebars_widgets = get_option( 'sidebars_widgets' ); } else { if ( empty( $GLOBALS['_wp_sidebars_widgets'] ) ) { $GLOBALS['_wp_sidebars_widgets'] = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = &$GLOBALS['_wp_sidebars_widgets']; } foreach ( (array) $sidebars_widgets as $index => $sidebar ) { if ( is_array( $sidebar ) ) { foreach ( $sidebar as $i => $name ) { if ( $base_name === $name ) { $sidebars_widgets[ $index ][ $i ] = "$name-2"; $changed = true; break 2; } } } } if ( is_admin() && $changed ) { update_option( 'sidebars_widgets', $sidebars_widgets ); } } $settings['_multiwidget'] = 1; if ( is_admin() ) { update_option( $option_name, $settings ); } return $settings; } /** * Outputs an arbitrary widget as a template tag. * * @since 2.8.0 * * @global WP_Widget_Factory $wp_widget_factory * * @param string $widget The widget's PHP class name (see class-wp-widget.php). * @param array $instance Optional. The widget's instance settings. Default empty array. * @param array $args { * Optional. Array of arguments to configure the display of the widget. * * @type string $before_widget HTML content that will be prepended to the widget's HTML output. * Default `<div class="widget %s">`, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default `</div>`. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `<h2 class="widgettitle">`. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `</h2>`. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; if ( ! isset( $wp_widget_factory->widgets[ $widget ] ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: register_widget() */ __( 'Widgets need to be registered using %s, before they can be displayed.' ), '<code>register_widget()</code>' ), '4.9.0' ); return; } $widget_obj = $wp_widget_factory->widgets[ $widget ]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '<div class="widget %s">', 'after_widget' => '</div>', 'before_title' => '<h2 class="widgettitle">', 'after_title' => '</h2>', ); $args = wp_parse_args( $args, $default_args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args( $instance ); /** This filter is documented in wp-includes/class-wp-widget.php */ $instance = apply_filters( 'widget_display_callback', $instance, $widget_obj, $args ); if ( false === $instance ) { return; } /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set( -1 ); $widget_obj->widget( $args, $instance ); } /** * Retrieves the widget ID base value. * * @since 2.8.0 * * @param string $id Widget ID. * @return string Widget ID base. */ function _get_widget_id_base( $id ) { return preg_replace( '/-[0-9]+$/', '', $id ); } /** * Handles sidebars config after theme change. * * @access private * @since 3.3.0 * * @global array $sidebars_widgets */ function _wp_sidebars_changed() { global $sidebars_widgets; if ( ! is_array( $sidebars_widgets ) ) { $sidebars_widgets = wp_get_sidebars_widgets(); } retrieve_widgets( true ); } /** * Validates and remaps any "orphaned" widgets to wp_inactive_widgets sidebar, * and saves the widget settings. This has to run at least on each theme change. * * For example, let's say theme A has a "footer" sidebar, and theme B doesn't have one. * After switching from theme A to theme B, all the widgets previously assigned * to the footer would be inaccessible. This function detects this scenario, and * moves all the widgets previously assigned to the footer under wp_inactive_widgets. * * Despite the word "retrieve" in the name, this function actually updates the database * and the global `$sidebars_widgets`. For that reason it should not be run on front end, * unless the `$theme_changed` value is 'customize' (to bypass the database write). * * @since 2.8.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $sidebars_widgets * @global array $wp_registered_widgets The registered widgets. * * @param string|bool $theme_changed Whether the theme was changed as a boolean. A value * of 'customize' defers updates for the Customizer. * @return array Updated sidebars widgets. */ function retrieve_widgets( $theme_changed = false ) { global $wp_registered_sidebars, $sidebars_widgets, $wp_registered_widgets; $registered_sidebars_keys = array_keys( $wp_registered_sidebars ); $registered_widgets_ids = array_keys( $wp_registered_widgets ); if ( ! is_array( get_theme_mod( 'sidebars_widgets' ) ) ) { if ( empty( $sidebars_widgets ) ) { return array(); } unset( $sidebars_widgets['array_version'] ); $sidebars_widgets_keys = array_keys( $sidebars_widgets ); sort( $sidebars_widgets_keys ); sort( $registered_sidebars_keys ); if ( $sidebars_widgets_keys === $registered_sidebars_keys ) { $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); return $sidebars_widgets; } } // Discard invalid, theme-specific widgets from sidebars. $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); $sidebars_widgets = wp_map_sidebars_widgets( $sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $sidebars_widgets[ $key ] = array(); } } // Find hidden/lost multi-widget instances. $shown_widgets = array_merge( ...array_values( $sidebars_widgets ) ); $lost_widgets = array_diff( $registered_widgets_ids, $shown_widgets ); foreach ( $lost_widgets as $key => $widget_id ) { $number = preg_replace( '/.+?-([0-9]+)$/', '$1', $widget_id ); // Only keep active and default widgets. if ( is_numeric( $number ) && (int) $number < 2 ) { unset( $lost_widgets[ $key ] ); } } $sidebars_widgets['wp_inactive_widgets'] = array_merge( $lost_widgets, (array) $sidebars_widgets['wp_inactive_widgets'] ); if ( 'customize' !== $theme_changed ) { // Update the widgets settings in the database. wp_set_sidebars_widgets( $sidebars_widgets ); } return $sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array $existing_sidebars_widgets List of sidebars and their widget instance IDs. * @return array Mapped sidebars widgets. */ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) { global $wp_registered_sidebars; $new_sidebars_widgets = array( 'wp_inactive_widgets' => array(), ); // Short-circuit if there are no sidebars to map. if ( ! is_array( $existing_sidebars_widgets ) || empty( $existing_sidebars_widgets ) ) { return $new_sidebars_widgets; } foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { if ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], (array) $widgets ); unset( $existing_sidebars_widgets[ $sidebar ] ); } } // If old and new theme have just one sidebar, map it and we're done. if ( 1 === count( $existing_sidebars_widgets ) && 1 === count( $wp_registered_sidebars ) ) { $new_sidebars_widgets[ key( $wp_registered_sidebars ) ] = array_pop( $existing_sidebars_widgets ); return $new_sidebars_widgets; } // Map locations with the same slug. $existing_sidebars = array_keys( $existing_sidebars_widgets ); foreach ( $wp_registered_sidebars as $sidebar => $name ) { if ( in_array( $sidebar, $existing_sidebars, true ) ) { $new_sidebars_widgets[ $sidebar ] = $existing_sidebars_widgets[ $sidebar ]; unset( $existing_sidebars_widgets[ $sidebar ] ); } elseif ( ! array_key_exists( $sidebar, $new_sidebars_widgets ) ) { $new_sidebars_widgets[ $sidebar ] = array(); } } // If there are more sidebars, try to map them. if ( ! empty( $existing_sidebars_widgets ) ) { /* * If old and new theme both have sidebars that contain phrases * from within the same group, make an educated guess and map it. */ $common_slug_groups = array( array( 'sidebar', 'primary', 'main', 'right' ), array( 'second', 'left' ), array( 'sidebar-2', 'footer', 'bottom' ), array( 'header', 'top' ), ); // Go through each group... foreach ( $common_slug_groups as $slug_group ) { // ...and see if any of these slugs... foreach ( $slug_group as $slug ) { // ...and any of the new sidebars... foreach ( $wp_registered_sidebars as $new_sidebar => $args ) { // ...actually match! if ( false === stripos( $new_sidebar, $slug ) && false === stripos( $slug, $new_sidebar ) ) { continue; } // Then see if any of the existing sidebars... foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { // ...and any slug in the same group... foreach ( $slug_group as $slug ) { // ... have a match as well. if ( false === stripos( $sidebar, $slug ) && false === stripos( $slug, $sidebar ) ) { continue; } // Make sure this sidebar wasn't mapped and removed previously. if ( ! empty( $existing_sidebars_widgets[ $sidebar ] ) ) { // We have a match that can be mapped! $new_sidebars_widgets[ $new_sidebar ] = array_merge( $new_sidebars_widgets[ $new_sidebar ], $existing_sidebars_widgets[ $sidebar ] ); // Remove the mapped sidebar so it can't be mapped again. unset( $existing_sidebars_widgets[ $sidebar ] ); // Go back and check the next new sidebar. continue 3; } } // End foreach ( $slug_group as $slug ). } // End foreach ( $existing_sidebars_widgets as $sidebar => $widgets ). } // End foreach ( $wp_registered_sidebars as $new_sidebar => $args ). } // End foreach ( $slug_group as $slug ). } // End foreach ( $common_slug_groups as $slug_group ). } // Move any left over widgets to inactive sidebar. foreach ( $existing_sidebars_widgets as $widgets ) { if ( is_array( $widgets ) && ! empty( $widgets ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], $widgets ); } } // Sidebars_widgets settings from when this theme was previously active. $old_sidebars_widgets = get_theme_mod( 'sidebars_widgets' ); $old_sidebars_widgets = isset( $old_sidebars_widgets['data'] ) ? $old_sidebars_widgets['data'] : false; if ( is_array( $old_sidebars_widgets ) ) { // Remove empty sidebars, no need to map those. $old_sidebars_widgets = array_filter( $old_sidebars_widgets ); // Only check sidebars that are empty or have not been mapped to yet. foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { if ( array_key_exists( $new_sidebar, $old_sidebars_widgets ) && ! empty( $new_widgets ) ) { unset( $old_sidebars_widgets[ $new_sidebar ] ); } } // Remove orphaned widgets, we're only interested in previously active sidebars. foreach ( $old_sidebars_widgets as $sidebar => $widgets ) { if ( str_starts_with( $sidebar, 'orphaned_widgets' ) ) { unset( $old_sidebars_widgets[ $sidebar ] ); } } $old_sidebars_widgets = _wp_remove_unregistered_widgets( $old_sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $new_sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $new_sidebars_widgets[ $key ] = array(); } } if ( ! empty( $old_sidebars_widgets ) ) { // Go through each remaining sidebar... foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ) { // ...and check every new sidebar... foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { // ...for every widget we're trying to revive. foreach ( $old_widgets as $key => $widget_id ) { $active_key = array_search( $widget_id, $new_widgets, true ); // If the widget is used elsewhere... if ( false !== $active_key ) { // ...and that elsewhere is inactive widgets... if ( 'wp_inactive_widgets' === $new_sidebar ) { // ...remove it from there and keep the active version... unset( $new_sidebars_widgets['wp_inactive_widgets'][ $active_key ] ); } else { // ...otherwise remove it from the old sidebar and keep it in the new one. unset( $old_sidebars_widgets[ $old_sidebar ][ $key ] ); } } // End if ( $active_key ). } // End foreach ( $old_widgets as $key => $widget_id ). } // End foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ). } // End foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ). } // End if ( ! empty( $old_sidebars_widgets ) ). // Restore widget settings from when theme was previously active. $new_sidebars_widgets = array_merge( $new_sidebars_widgets, $old_sidebars_widgets ); } return $new_sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * * @global array $wp_registered_widgets The registered widgets. * * @param array $sidebars_widgets List of sidebars and their widget instance IDs. * @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets. * @return array Sidebars with allowed widgets. */ function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) { if ( empty( $allowed_widget_ids ) ) { $allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] ); } foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( is_array( $widgets ) ) { $sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids ); } } return $sidebars_widgets; } /** * Displays the RSS entries in a list. * * @since 2.5.0 * * @param string|array|object $rss RSS url. * @param array $args Widget arguments. */ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_string( $rss ) ) { $rss = fetch_feed( $rss ); } elseif ( is_array( $rss ) && isset( $rss['url'] ) ) { $args = $rss; $rss = fetch_feed( $rss['url'] ); } elseif ( ! is_object( $rss ) ) { return; } if ( is_wp_error( $rss ) ) { if ( is_admin() || current_user_can( 'manage_options' ) ) { echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>'; } return; } $default_args = array( 'show_author' => 0, 'show_date' => 0, 'show_summary' => 0, 'items' => 0, ); $args = wp_parse_args( $args, $default_args ); $items = (int) $args['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $show_summary = (int) $args['show_summary']; $show_author = (int) $args['show_author']; $show_date = (int) $args['show_date']; if ( ! $rss->get_item_quantity() ) { echo '<ul><li>' . __( 'An error has occurred, which probably means the feed is down. Try again later.' ) . '</li></ul>'; $rss->__destruct(); unset( $rss ); return; } echo '<ul>'; foreach ( $rss->get_items( 0, $items ) as $item ) { $link = $item->get_link(); while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $link = esc_url( strip_tags( $link ) ); $title = esc_html( trim( strip_tags( $item->get_title() ) ) ); if ( empty( $title ) ) { $title = __( 'Untitled' ); } $desc = html_entity_decode( $item->get_description(), ENT_QUOTES, get_option( 'blog_charset' ) ); $desc = esc_attr( wp_trim_words( $desc, 55, ' […]' ) ); $summary = ''; if ( $show_summary ) { $summary = $desc; // Change existing [...] to […]. if ( str_ends_with( $summary, '[...]' ) ) { $summary = substr( $summary, 0, -5 ) . '[…]'; } $summary = '<div class="rssSummary">' . esc_html( $summary ) . '</div>'; } $date = ''; if ( $show_date ) { $date = $item->get_date( 'U' ); if ( $date ) { $date = ' <span class="rss-date">' . date_i18n( get_option( 'date_format' ), $date ) . '</span>'; } } $author = ''; if ( $show_author ) { $author = $item->get_author(); if ( is_object( $author ) ) { $author = $author->get_name(); $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>'; } } if ( '' === $link ) { echo "<li>$title{$date}{$summary}{$author}</li>"; } elseif ( $show_summary ) { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$summary}{$author}</li>"; } else { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$author}</li>"; } } echo '</ul>'; $rss->__destruct(); unset( $rss ); } /** * Displays RSS widget options form. * * The options for what fields are displayed for the RSS form are all booleans * and are as follows: 'url', 'title', 'items', 'show_summary', 'show_author', * 'show_date'. * * @since 2.5.0 * * @param array|string $args Values for input fields. * @param array $inputs Override default display options. */ function wp_widget_rss_form( $args, $inputs = null ) { $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true, ); $inputs = wp_parse_args( $inputs, $default_inputs ); $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; if ( $args['items'] < 1 || 20 < $args['items'] ) { $args['items'] = 10; } $args['show_summary'] = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary']; $args['show_author'] = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author']; $args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; if ( ! empty( $args['error'] ) ) { echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>'; } $esc_number = esc_attr( $args['number'] ); if ( $inputs['url'] ) : ?> <p><label for="rss-url-<?php echo $esc_number; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> <input class="widefat" id="rss-url-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> <?php endif; if ( $inputs['title'] ) : ?> <p><label for="rss-title-<?php echo $esc_number; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> <input class="widefat" id="rss-title-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> <?php endif; if ( $inputs['items'] ) : ?> <p><label for="rss-items-<?php echo $esc_number; ?>"><?php _e( 'How many items would you like to display?' ); ?></label> <select id="rss-items-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][items]"> <?php for ( $i = 1; $i <= 20; ++$i ) { echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; } ?> </select></p> <?php endif; if ( $inputs['show_summary'] || $inputs['show_author'] || $inputs['show_date'] ) : ?> <p> <?php if ( $inputs['show_summary'] ) : ?> <input id="rss-show-summary-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> <label for="rss-show-summary-<?php echo $esc_number; ?>"><?php _e( 'Display item content?' ); ?></label><br /> <?php endif; if ( $inputs['show_author'] ) : ?> <input id="rss-show-author-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> <label for="rss-show-author-<?php echo $esc_number; ?>"><?php _e( 'Display item author if available?' ); ?></label><br /> <?php endif; if ( $inputs['show_date'] ) : ?> <input id="rss-show-date-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?> /> <label for="rss-show-date-<?php echo $esc_number; ?>"><?php _e( 'Display item date?' ); ?></label><br /> <?php endif; ?> </p> <?php endif; // End of display options. foreach ( array_keys( $default_inputs ) as $input ) : if ( 'hidden' === $inputs[ $input ] ) : $id = str_replace( '_', '-', $input ); ?> <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> <?php endif; endforeach; } /** * Processes RSS feed widget data and optionally retrieve feed items. * * The feed widget can not have more than 20 items or it will reset back to the * default, which is 10. * * The resulting array has the feed title, feed url, feed link (from channel), * feed items, error (if any), and whether to show summary, author, and date. * All respectively in the order of the array elements. * * @since 2.5.0 * * @param array $widget_rss RSS widget feed data. Expects unescaped data. * @param bool $check_feed Optional. Whether to check feed for errors. Default true. * @return array */ function wp_widget_rss_process( $widget_rss, $check_feed = true ) { $items = (int) $widget_rss['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $url = sanitize_url( strip_tags( $widget_rss['url'] ) ); $title = isset( $widget_rss['title'] ) ? trim( strip_tags( $widget_rss['title'] ) ) : ''; $show_summary = isset( $widget_rss['show_summary'] ) ? (int) $widget_rss['show_summary'] : 0; $show_author = isset( $widget_rss['show_author'] ) ? (int) $widget_rss['show_author'] : 0; $show_date = isset( $widget_rss['show_date'] ) ? (int) $widget_rss['show_date'] : 0; $error = false; $link = ''; if ( $check_feed ) { $rss = fetch_feed( $url ); if ( is_wp_error( $rss ) ) { $error = $rss->get_error_message(); } else { $link = esc_url( strip_tags( $rss->get_permalink() ) ); while ( stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $rss->__destruct(); unset( $rss ); } } return compact( 'title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date' ); } /** * Registers all of the default WordPress widgets on startup. * * Calls {@see 'widgets_init'} action after all of the WordPress widgets have been registered. * * @since 2.2.0 */ function wp_widgets_init() { if ( ! is_blog_installed() ) { return; } register_widget( 'WP_Widget_Pages' ); register_widget( 'WP_Widget_Calendar' ); register_widget( 'WP_Widget_Archives' ); if ( get_option( 'link_manager_enabled' ) ) { register_widget( 'WP_Widget_Links' ); } register_widget( 'WP_Widget_Media_Audio' ); register_widget( 'WP_Widget_Media_Image' ); register_widget( 'WP_Widget_Media_Gallery' ); register_widget( 'WP_Widget_Media_Video' ); register_widget( 'WP_Widget_Meta' ); register_widget( 'WP_Widget_Search' ); register_widget( 'WP_Widget_Text' ); register_widget( 'WP_Widget_Categories' ); register_widget( 'WP_Widget_Recent_Posts' ); register_widget( 'WP_Widget_Recent_Comments' ); register_widget( 'WP_Widget_RSS' ); register_widget( 'WP_Widget_Tag_Cloud' ); register_widget( 'WP_Nav_Menu_Widget' ); register_widget( 'WP_Widget_Custom_HTML' ); register_widget( 'WP_Widget_Block' ); /** * Fires after all default WordPress widgets have been registered. * * @since 2.2.0 */ do_action( 'widgets_init' ); } /** * Enables the widgets block editor. This is hooked into 'after_setup_theme' so * that the block editor is enabled by default but can be disabled by themes. * * @since 5.8.0 * * @access private */ function wp_setup_widgets_block_editor() { add_theme_support( 'widgets-block-editor' ); } /** * Determines whether or not to use the block editor to manage widgets. * Defaults to true unless a theme has removed support for widgets-block-editor * or a plugin has filtered the return value of this function. * * @since 5.8.0 * * @return bool Whether to use the block editor to manage widgets. */ function wp_use_widgets_block_editor() { /** * Filters whether to use the block editor to manage widgets. * * @since 5.8.0 * * @param bool $use_widgets_block_editor Whether to use the block editor to manage widgets. */ return apply_filters( 'use_widgets_block_editor', get_theme_support( 'widgets-block-editor' ) ); } /** * Converts a widget ID into its id_base and number components. * * @since 5.8.0 * * @param string $id Widget ID. * @return array Array containing a widget's id_base and number components. */ function wp_parse_widget_id( $id ) { $parsed = array(); if ( preg_match( '/^(.+)-(\d+)$/', $id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $id; } return $parsed; } /** * Finds the sidebar that a given widget belongs to. * * @since 5.8.0 * * @param string $widget_id The widget ID to look for. * @return string|null The found sidebar's ID, or null if it was not found. */ function wp_find_widgets_sidebar( $widget_id ) { foreach ( wp_get_sidebars_widgets() as $sidebar_id => $widget_ids ) { foreach ( $widget_ids as $maybe_widget_id ) { if ( $maybe_widget_id === $widget_id ) { return (string) $sidebar_id; } } } return null; } /** * Assigns a widget to the given sidebar. * * @since 5.8.0 * * @param string $widget_id The widget ID to assign. * @param string $sidebar_id The sidebar ID to assign to. If empty, the widget won't be added to any sidebar. */ function wp_assign_widget_to_sidebar( $widget_id, $sidebar_id ) { $sidebars = wp_get_sidebars_widgets(); foreach ( $sidebars as $maybe_sidebar_id => $widgets ) { foreach ( $widgets as $i => $maybe_widget_id ) { if ( $widget_id === $maybe_widget_id && $sidebar_id !== $maybe_sidebar_id ) { unset( $sidebars[ $maybe_sidebar_id ][ $i ] ); // We could technically break 2 here, but continue looping in case the ID is duplicated. continue 2; } } } if ( $sidebar_id ) { $sidebars[ $sidebar_id ][] = $widget_id; } wp_set_sidebars_widgets( $sidebars ); } /** * Calls the render callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @param string $widget_id Widget ID. * @param string $sidebar_id Sidebar ID. * @return string */ function wp_render_widget( $widget_id, $sidebar_id ) { global $wp_registered_widgets, $wp_registered_sidebars; if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { return ''; } if ( isset( $wp_registered_sidebars[ $sidebar_id ] ) ) { $sidebar = $wp_registered_sidebars[ $sidebar_id ]; } elseif ( 'wp_inactive_widgets' === $sidebar_id ) { $sidebar = array(); } else { return ''; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $widget_id, 'widget_name' => $wp_registered_widgets[ $widget_id ]['name'], ) ), ), (array) $wp_registered_widgets[ $widget_id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $widget_id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], $widget_id, $classname_ ); /** This filter is documented in wp-includes/widgets.php */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $widget_id ]['callback']; ob_start(); /** This filter is documented in wp-includes/widgets.php */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $widget_id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Calls the control callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widget_controls The registered widget controls. * * @param string $id Widget ID. * @return string|null */ function wp_render_widget_control( $id ) { global $wp_registered_widget_controls; if ( ! isset( $wp_registered_widget_controls[ $id ]['callback'] ) ) { return null; } $callback = $wp_registered_widget_controls[ $id ]['callback']; $params = $wp_registered_widget_controls[ $id ]['params']; ob_start(); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Displays a _doing_it_wrong() message for conflicting widget editor scripts. * * The 'wp-editor' script module is exposed as window.wp.editor. This overrides * the legacy TinyMCE editor module which is required by the widgets editor. * Because of that conflict, these two shouldn't be enqueued together. * See https://core.trac.wordpress.org/ticket/53569. * * There is also another conflict related to styles where the block widgets * editor is hidden if a block enqueues 'wp-edit-post' stylesheet. * See https://core.trac.wordpress.org/ticket/53569. * * @since 5.8.0 * @access private * * @global WP_Scripts $wp_scripts * @global WP_Styles $wp_styles */ function wp_check_widget_editor_deps() { global $wp_scripts, $wp_styles; if ( $wp_scripts->query( 'wp-edit-widgets', 'enqueued' ) || $wp_scripts->query( 'wp-customize-widgets', 'enqueued' ) ) { if ( $wp_scripts->query( 'wp-editor', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_script()', sprintf( /* translators: 1: 'wp-editor', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" script should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-editor', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } if ( $wp_styles->query( 'wp-edit-post', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_style()', sprintf( /* translators: 1: 'wp-edit-post', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" style should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-edit-post', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } } } /** * Registers the previous theme's sidebars for the block themes. * * @since 6.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. */ function _wp_block_theme_register_classic_sidebars() { global $wp_registered_sidebars; if ( ! wp_is_block_theme() ) { return; } $classic_sidebars = get_theme_mod( 'wp_classic_sidebars' ); if ( empty( $classic_sidebars ) ) { return; } // Don't use `register_sidebar` since it will enable the `widgets` support for a theme. foreach ( $classic_sidebars as $sidebar ) { $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; } } HTTP/https-detection-20260605183345-20260606231349.php 0000666 00000013341 15226703613 0014150 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-http-20260605074623.php 0000666 00000121142 15226703613 0012144 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-detection-20260605145451-20260607060524.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606052425-20260607165413.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605043510-20260607123405.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605151244-20260610142416.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605201111-20260607220759.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class.wp-scripts-20260606091920.php 0000666 00000000527 15226703613 0012660 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead. * * @deprecated 6.1.0 * @package WordPress */ _deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' ); /** WP_Scripts class */ require_once ABSPATH . WPINC . '/class-wp-scripts.php'; HTTP/https-migration-20260605170227.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605163510.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-theme-json-20260605041927.php 0000666 00000500773 15226703613 0013252 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/https-migration-20260607003752-20260609072711.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605100735.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606110645-20260608205617.php 0000666 00000013341 15226703613 0014143 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605022840-20260607032840.php 0000666 00000013341 15226703613 0014134 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/FileClient-20260605024208.php 0000666 00000004333 15226703613 0011450 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use SimplePie\File; use SimplePie\Misc; use SimplePie\Registry; use Throwable; /** * HTTP Client based on \SimplePie\File * * @internal */ final class FileClient implements Client { /** @var Registry */ private $registry; /** @var array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} */ private $options; /** * @param array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} $options */ public function __construct(Registry $registry, array $options = []) { $this->registry = $registry; $this->options = $options; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { // @phpstan-ignore-next-line Enforce PHPDoc type. if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } try { $file = $this->registry->create(File::class, [ $url, $this->options['timeout'] ?? 10, $this->options['redirects'] ?? 5, $headers, $this->options['useragent'] ?? Misc::get_default_useragent(), $this->options['force_fsockopen'] ?? false, $this->options['curl_options'] ?? [] ]); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($file->error !== null && $file->get_status_code() === 0) { throw new ClientException($file->error); } return $file; } } HTTP/FileClient.php 0000666 00000004333 15226703613 0010066 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use SimplePie\File; use SimplePie\Misc; use SimplePie\Registry; use Throwable; /** * HTTP Client based on \SimplePie\File * * @internal */ final class FileClient implements Client { /** @var Registry */ private $registry; /** @var array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} */ private $options; /** * @param array{timeout?: int, redirects?: int, useragent?: string, force_fsockopen?: bool, curl_options?: array<mixed>} $options */ public function __construct(Registry $registry, array $options = []) { $this->registry = $registry; $this->options = $options; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { // @phpstan-ignore-next-line Enforce PHPDoc type. if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } try { $file = $this->registry->create(File::class, [ $url, $this->options['timeout'] ?? 10, $this->options['redirects'] ?? 5, $headers, $this->options['useragent'] ?? Misc::get_default_useragent(), $this->options['force_fsockopen'] ?? false, $this->options['curl_options'] ?? [] ]); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($file->error !== null && $file->get_status_code() === 0) { throw new ClientException($file->error); } return $file; } } HTTP/https-detection-20260608081111.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606143502-20260609003806.php 0000666 00000013341 15226703613 0014136 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-feed-cache.php 0000666 00000001711 15226703613 0011540 0 ustar 00 <?php /** * Feed API: WP_Feed_Cache class * * @package WordPress * @subpackage Feed * @since 4.7.0 * @deprecated 5.6.0 */ _deprecated_file( basename( __FILE__ ), '5.6.0', '', __( 'This file is only loaded for backward compatibility with SimplePie 1.2.x. Please consider switching to a recent SimplePie version.' ) ); /** * Core class used to implement a feed cache. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Feed_Cache extends SimplePie\Cache { /** * Creates a new SimplePie\Cache object. * * @since 2.8.0 * * @param string $location URL location (scheme is used to determine handler). * @param string $filename Unique identifier for cache object. * @param string $extension 'spi' or 'spc'. * @return WP_Feed_Cache_Transient Feed cache handler object that uses transients. */ public function create( $location, $filename, $extension ) { return new WP_Feed_Cache_Transient( $location, $filename, $extension ); } } HTTP/https-detection-20260605114012.php 0000666 00000013341 15226703613 0012540 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605111908-20260607031013.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class.wp-scripts-20260605083308.php 0000666 00000000527 15226703613 0012660 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead. * * @deprecated 6.1.0 * @package WordPress */ _deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' ); /** WP_Scripts class */ require_once ABSPATH . WPINC . '/class-wp-scripts.php'; HTTP/https-migration-20260605170810-20260608072005.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606092326.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605102726-20260607060516.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605102712-20260608181553.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606143502.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260607003229-20260609003843.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-loader-react-refresh-runtime.min-20260606074828.php 0000666 00000000124 15226703613 0017205 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-detection-20260605102712-20260608023013.php 0000666 00000013341 15226703613 0014122 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Client-20260605063215.php 0000666 00000001137 15226703613 0010650 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/https-migration-20260605225728-20260606224753.php 0000666 00000011205 15226703613 0014163 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605171923.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606061114-20260606085420.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606153059-20260609191923.php 0000666 00000011205 15226703613 0014166 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/cache-20260605054234.php 0000666 00000032256 15226703613 0010504 0 ustar 00 <?php /** * Object Cache API * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ /** WP_Object_Cache class */ require_once ABSPATH . WPINC . '/class-wp-object-cache.php'; /** * Sets up Object Cache Global and assigns it. * * @since 2.0.0 * * @global WP_Object_Cache $wp_object_cache */ function wp_cache_init() { $GLOBALS['wp_object_cache'] = new WP_Object_Cache(); } /** * Adds data to the cache, if the cache key doesn't already exist. * * @since 2.0.0 * * @see WP_Object_Cache::add() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The data to add to the cache. * @param string $group Optional. The group to add the cache to. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When the cache data should expire, in seconds. * Default 0 (no expiration). * @return bool True on success, false if cache key and group already exist. */ function wp_cache_add( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add( $key, $data, $group, (int) $expire ); } /** * Adds multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::add_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add_multiple( $data, $group, (int) $expire ); } /** * Replaces the contents of the cache with new data. * * @since 2.0.0 * * @see WP_Object_Cache::replace() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache data that should be replaced. * @param mixed $data The new data to store in the cache. * @param string $group Optional. The group for the cache data that should be replaced. * Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True if contents were replaced, false if original value does not exist. */ function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->replace( $key, $data, $group, (int) $expire ); } /** * Saves the data to the cache. * * Differs from wp_cache_add() and wp_cache_replace() in that it will always write data. * * @since 2.0.0 * * @see WP_Object_Cache::set() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The contents to store in the cache. * @param string $group Optional. Where to group the cache contents. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set( $key, $data, $group, (int) $expire ); } /** * Sets multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::set_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set_multiple( $data, $group, (int) $expire ); } /** * Retrieves the cache contents from the cache by key and group. * * @since 2.0.0 * * @see WP_Object_Cache::get() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @param bool|null $found Optional. Whether the key was found in the cache (passed by reference). * Disambiguates a return of false, a storable value. Default null. * @return mixed|false The cache contents on success, false on failure to retrieve contents. */ function wp_cache_get( $key, $group = '', $force = false, &$found = null ) { global $wp_object_cache; return $wp_object_cache->get( $key, $group, $force, $found ); } /** * Retrieves multiple values from the cache in one call. * * @since 5.5.0 * * @see WP_Object_Cache::get_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { global $wp_object_cache; return $wp_object_cache->get_multiple( $keys, $group, $force ); } /** * Removes the cache contents matching key and group. * * @since 2.0.0 * * @see WP_Object_Cache::delete() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key What the contents in the cache are called. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool True on successful removal, false on failure. */ function wp_cache_delete( $key, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete( $key, $group ); } /** * Deletes multiple values from the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::delete_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete_multiple( $keys, $group ); } /** * Increments numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::incr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_incr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->incr( $key, $offset, $group ); } /** * Decrements numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::decr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to decrement. * @param int $offset Optional. The amount by which to decrement the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_decr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->decr( $key, $offset, $group ); } /** * Removes all cache items. * * @since 2.0.0 * * @see WP_Object_Cache::flush() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @return bool True on success, false on failure. */ function wp_cache_flush() { global $wp_object_cache; return $wp_object_cache->flush(); } /** * Removes all cache items from the in-memory runtime cache. * * @since 6.0.0 * * @see WP_Object_Cache::flush() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { return wp_cache_flush(); } /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; return $wp_object_cache->flush_group( $group ); } /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { switch ( $feature ) { case 'add_multiple': case 'set_multiple': case 'get_multiple': case 'delete_multiple': case 'flush_runtime': case 'flush_group': return true; default: return false; } } /** * Closes the cache. * * This function has ceased to do anything since WordPress 2.5. The * functionality was removed along with the rest of the persistent cache. * * This does not mean that plugins can't implement this function when they need * to make sure that the cache is cleaned up after WordPress no longer needs it. * * @since 2.0.0 * * @return true Always returns true. */ function wp_cache_close() { return true; } /** * Adds a group or set of groups to the list of global groups. * * @since 2.6.0 * * @see WP_Object_Cache::add_global_groups() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_global_groups( $groups ) { global $wp_object_cache; $wp_object_cache->add_global_groups( $groups ); } /** * Adds a group or set of groups to the list of non-persistent groups. * * @since 2.6.0 * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_non_persistent_groups( $groups ) { // Default cache doesn't persist so nothing to do here. } /** * Switches the internal blog ID. * * This changes the blog id used to create keys in blog specific groups. * * @since 3.5.0 * * @see WP_Object_Cache::switch_to_blog() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int $blog_id Site ID. */ function wp_cache_switch_to_blog( $blog_id ) { global $wp_object_cache; $wp_object_cache->switch_to_blog( $blog_id ); } /** * Resets internal cache keys and structures. * * If the cache back end uses global blog or site IDs as part of its cache keys, * this function instructs the back end to reset those keys and perform any cleanup * since blog or site IDs have changed since cache init. * * This function is deprecated. Use wp_cache_switch_to_blog() instead of this * function when preparing the cache for a blog switch. For clearing the cache * during unit tests, consider using wp_cache_init(). wp_cache_init() is not * recommended outside of unit tests as the performance penalty for using it is high. * * @since 3.0.0 * @deprecated 3.5.0 Use wp_cache_switch_to_blog() * @see WP_Object_Cache::reset() * * @global WP_Object_Cache $wp_object_cache Object cache global instance. */ function wp_cache_reset() { _deprecated_function( __FUNCTION__, '3.5.0', 'wp_cache_switch_to_blog()' ); global $wp_object_cache; $wp_object_cache->reset(); } HTTP/https-detection-20260605194319-20260608123528.php 0000666 00000013341 15226703613 0014154 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr7Response-20260605054418.php 0000666 00000004201 15226703613 0012004 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use Psr\Http\Message\ResponseInterface; /** * HTTP Response based on a PSR-7 response * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class Psr7Response implements Response { /** * @var ResponseInterface */ private $response; /** * @var string */ private $permanent_url; /** * @var string */ private $requested_url; public function __construct(ResponseInterface $response, string $permanent_url, string $requested_url) { $this->response = $response; $this->permanent_url = $permanent_url; $this->requested_url = $requested_url; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return $this->response->getStatusCode(); } public function get_headers(): array { // The filtering is probably redundant but let’s make PHPStan happy. return array_filter($this->response->getHeaders(), function (array $header): bool { return count($header) >= 1; }); } public function has_header(string $name): bool { return $this->response->hasHeader($name); } public function with_header(string $name, $value) { return new self($this->response->withHeader($name, $value), $this->permanent_url, $this->requested_url); } public function get_header(string $name): array { return $this->response->getHeader($name); } public function get_header_line(string $name): string { return $this->response->getHeaderLine($name); } public function get_body_content(): string { return $this->response->getBody()->__toString(); } } HTTP/https-detection-20260605172059.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606030444-20260606175058.php 0000666 00000013341 15226703613 0014144 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606074142.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605183537.php 0000666 00000013341 15226703613 0012562 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605211440-20260608091909.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606014211-20260608135426.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605173952.php 0000666 00000011205 15226703613 0012572 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606145457-20260608022032.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260608081111-20260610021508.php 0000666 00000013341 15226703613 0014124 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605080418.php 0000666 00000013341 15226703613 0012554 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605224023-20260607212909.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606072415-20260607161921.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-modules-20260608125043.php 0000666 00000023267 15226703613 0012415 0 ustar 00 <?php /** * Script Modules API: Script Module functions * * @since 6.5.0 * * @package WordPress * @subpackage Script Modules */ /** * Retrieves the main WP_Script_Modules instance. * * This function provides access to the WP_Script_Modules instance, creating one * if it doesn't exist yet. * * @since 6.5.0 * * @global WP_Script_Modules $wp_script_modules * * @return WP_Script_Modules The main WP_Script_Modules instance. */ function wp_script_modules(): WP_Script_Modules { global $wp_script_modules; if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) { $wp_script_modules = new WP_Script_Modules(); } return $wp_script_modules; } /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->register( $id, $src, $deps, $version, $args ); } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->enqueue( $id, $src, $deps, $version, $args ); } /** * Unmarks the script module so it is no longer enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_dequeue_script_module( string $id ) { wp_script_modules()->dequeue( $id ); } /** * Deregisters the script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_deregister_script_module( string $id ) { wp_script_modules()->deregister( $id ); } /** * Registers all the default WordPress Script Modules. * * @since 6.7.0 */ function wp_default_script_modules() { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity-router/index.min.js' => … */ $assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php"; foreach ( $assets as $file_name => $script_module_data ) { /* * Build the WordPress Script Module ID from the file name. * Prepend `@wordpress/` and remove extensions and `/index` if present: * - interactivity/index.min.js => @wordpress/interactivity * - interactivity/debug.min.js => @wordpress/interactivity/debug * - block-library/query/view.js => @wordpress/block-library/query/view */ $script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 ); switch ( $script_module_id ) { /* * Interactivity exposes two entrypoints, "/index" and "/debug". * "/debug" should replace "/index" in development. */ case '@wordpress/interactivity/debug': if ( ! SCRIPT_DEBUG ) { continue 2; } $script_module_id = '@wordpress/interactivity'; break; case '@wordpress/interactivity': if ( SCRIPT_DEBUG ) { continue 2; } break; } /* * The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules * should be loaded with low fetchpriority and printed in the footer since they should not be needed in the * critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import * dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>. * However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low' * since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will * be bumped to match the fetchpriority of the dependent script. */ $args = array(); if ( str_starts_with( $script_module_id, '@wordpress/interactivity' ) || str_starts_with( $script_module_id, '@wordpress/block-library' ) || '@wordpress/a11y' === $script_module_id ) { $args['fetchpriority'] = 'low'; $args['in_footer'] = true; } // Marks all Core blocks as compatible with client-side navigation. if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) { wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id ); } $path = includes_url( "js/dist/script-modules/{$file_name}" ); wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args ); } } HTTP/https-detection-20260605212936.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606042711-20260608080944.php 0000666 00000013341 15226703613 0014145 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Exception-20260605083909.php 0000666 00000000543 15226703613 0011404 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use Exception as NativeException; /** * General SimplePie exception class */ class Exception extends NativeException { } class_alias('SimplePie\Exception', 'SimplePie_Exception'); HTTP/script-loader-react-refresh-runtime.min-20260605103122.php 0000666 00000000124 15226703613 0017160 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/https-detection-20260606092458-20260609191302.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606072117-20260609132218.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605133608-20260606075339.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606024459-20260606085928.php 0000666 00000013341 15226703613 0014163 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605201854-20260610134307.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-feed-cache-20260605052159.php 0000666 00000001711 15226703613 0013130 0 ustar 00 <?php /** * Feed API: WP_Feed_Cache class * * @package WordPress * @subpackage Feed * @since 4.7.0 * @deprecated 5.6.0 */ _deprecated_file( basename( __FILE__ ), '5.6.0', '', __( 'This file is only loaded for backward compatibility with SimplePie 1.2.x. Please consider switching to a recent SimplePie version.' ) ); /** * Core class used to implement a feed cache. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Feed_Cache extends SimplePie\Cache { /** * Creates a new SimplePie\Cache object. * * @since 2.8.0 * * @param string $location URL location (scheme is used to determine handler). * @param string $filename Unique identifier for cache object. * @param string $extension 'spi' or 'spc'. * @return WP_Feed_Cache_Transient Feed cache handler object that uses transients. */ public function create( $location, $filename, $extension ) { return new WP_Feed_Cache_Transient( $location, $filename, $extension ); } } HTTP/https-detection-20260605125128.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605111237-20260606173904.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606154019-20260608050034.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605090852-20260607212525.php 0000666 00000011205 15226703613 0014154 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605070331-20260606141018.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605201047.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605201854.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605225728-20260613122638.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-20260605060228.php 0000666 00000121142 15226703613 0012140 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-migration-20260606042318.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http.php 0000666 00000121142 15226703613 0010554 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-detection-20260605034026-20260605213153.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260607100220-20260609013006.php 0000666 00000013341 15226703613 0014116 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605234727.php 0000666 00000011205 15226703613 0012570 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605220934-20260608102052.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605081053-20260607014240.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606102652.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605135401.php 0000666 00000013341 15226703613 0012545 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605140809-20260607162552.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605102620-20260608122539.php 0000666 00000011205 15226703613 0014145 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605100735-20260607001324.php 0000666 00000013341 15226703613 0014125 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606100517-20260610181152.php 0000666 00000013341 15226703613 0014126 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606092232-20260606142920.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605091018-20260610131432.php 0000666 00000013341 15226703613 0014126 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605141018.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr18Client-20260605023251.php 0000666 00000010537 15226703613 0011506 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-migration-20260606102945.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/script-modules-20260606205932.php 0000666 00000023267 15226703613 0012421 0 ustar 00 <?php /** * Script Modules API: Script Module functions * * @since 6.5.0 * * @package WordPress * @subpackage Script Modules */ /** * Retrieves the main WP_Script_Modules instance. * * This function provides access to the WP_Script_Modules instance, creating one * if it doesn't exist yet. * * @since 6.5.0 * * @global WP_Script_Modules $wp_script_modules * * @return WP_Script_Modules The main WP_Script_Modules instance. */ function wp_script_modules(): WP_Script_Modules { global $wp_script_modules; if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) { $wp_script_modules = new WP_Script_Modules(); } return $wp_script_modules; } /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->register( $id, $src, $deps, $version, $args ); } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->enqueue( $id, $src, $deps, $version, $args ); } /** * Unmarks the script module so it is no longer enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_dequeue_script_module( string $id ) { wp_script_modules()->dequeue( $id ); } /** * Deregisters the script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_deregister_script_module( string $id ) { wp_script_modules()->deregister( $id ); } /** * Registers all the default WordPress Script Modules. * * @since 6.7.0 */ function wp_default_script_modules() { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity-router/index.min.js' => … */ $assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php"; foreach ( $assets as $file_name => $script_module_data ) { /* * Build the WordPress Script Module ID from the file name. * Prepend `@wordpress/` and remove extensions and `/index` if present: * - interactivity/index.min.js => @wordpress/interactivity * - interactivity/debug.min.js => @wordpress/interactivity/debug * - block-library/query/view.js => @wordpress/block-library/query/view */ $script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 ); switch ( $script_module_id ) { /* * Interactivity exposes two entrypoints, "/index" and "/debug". * "/debug" should replace "/index" in development. */ case '@wordpress/interactivity/debug': if ( ! SCRIPT_DEBUG ) { continue 2; } $script_module_id = '@wordpress/interactivity'; break; case '@wordpress/interactivity': if ( SCRIPT_DEBUG ) { continue 2; } break; } /* * The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules * should be loaded with low fetchpriority and printed in the footer since they should not be needed in the * critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import * dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>. * However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low' * since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will * be bumped to match the fetchpriority of the dependent script. */ $args = array(); if ( str_starts_with( $script_module_id, '@wordpress/interactivity' ) || str_starts_with( $script_module_id, '@wordpress/block-library' ) || '@wordpress/a11y' === $script_module_id ) { $args['fetchpriority'] = 'low'; $args['in_footer'] = true; } // Marks all Core blocks as compatible with client-side navigation. if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) { wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id ); } $path = includes_url( "js/dist/script-modules/{$file_name}" ); wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args ); } } HTTP/https-migration-20260605222822-20260609103856.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607003752-20260609101213.php 0000666 00000011205 15226703613 0014140 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605225728-20260615044328.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606092011.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607003229.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606194024-20260608201359.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/default-widgets-20260605060249.php 0000666 00000004367 15226703613 0012536 0 ustar 00 <?php /** * Widget API: Default core widgets * * @package WordPress * @subpackage Widgets * @since 2.8.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** WP_Widget_Pages class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-pages.php'; /** WP_Widget_Links class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-links.php'; /** WP_Widget_Search class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-search.php'; /** WP_Widget_Archives class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-archives.php'; /** WP_Widget_Media class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media.php'; /** WP_Widget_Media_Audio class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-audio.php'; /** WP_Widget_Media_Image class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-image.php'; /** WP_Widget_Media_Video class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-video.php'; /** WP_Widget_Media_Gallery class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-media-gallery.php'; /** WP_Widget_Meta class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-meta.php'; /** WP_Widget_Calendar class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-calendar.php'; /** WP_Widget_Text class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-text.php'; /** WP_Widget_Categories class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-categories.php'; /** WP_Widget_Recent_Posts class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-recent-posts.php'; /** WP_Widget_Recent_Comments class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-recent-comments.php'; /** WP_Widget_RSS class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-rss.php'; /** WP_Widget_Tag_Cloud class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-tag-cloud.php'; /** WP_Nav_Menu_Widget class */ require_once ABSPATH . WPINC . '/widgets/class-wp-nav-menu-widget.php'; /** WP_Widget_Custom_HTML class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-custom-html.php'; /** WP_Widget_Block class */ require_once ABSPATH . WPINC . '/widgets/class-wp-widget-block.php'; HTTP/https-migration-20260606010046-20260609151854.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605183345-20260610102201.php 0000666 00000013341 15226703613 0014123 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605165559-20260610075731.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605195118.php 0000666 00000013341 15226703613 0012560 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605202835-20260607002657.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class.wp-scripts-20260605120033.php 0000666 00000000527 15226703613 0012643 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead. * * @deprecated 6.1.0 * @package WordPress */ _deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' ); /** WP_Scripts class */ require_once ABSPATH . WPINC . '/class-wp-scripts.php'; HTTP/string-20260614195513.php 0000666 00000020233 15226703613 0010745 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } } HTTP/class-wp-feed-cache-20260605060305.php 0000666 00000001711 15226703613 0013120 0 ustar 00 <?php /** * Feed API: WP_Feed_Cache class * * @package WordPress * @subpackage Feed * @since 4.7.0 * @deprecated 5.6.0 */ _deprecated_file( basename( __FILE__ ), '5.6.0', '', __( 'This file is only loaded for backward compatibility with SimplePie 1.2.x. Please consider switching to a recent SimplePie version.' ) ); /** * Core class used to implement a feed cache. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Feed_Cache extends SimplePie\Cache { /** * Creates a new SimplePie\Cache object. * * @since 2.8.0 * * @param string $location URL location (scheme is used to determine handler). * @param string $filename Unique identifier for cache object. * @param string $extension 'spi' or 'spc'. * @return WP_Feed_Cache_Transient Feed cache handler object that uses transients. */ public function create( $location, $filename, $extension ) { return new WP_Feed_Cache_Transient( $location, $filename, $extension ); } } HTTP/https-detection-20260605172309.php 0000666 00000013341 15226703613 0012555 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606154629.php 0000666 00000011205 15226703613 0012573 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606064430.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-editor-20260605055847.php 0000666 00000215217 15226703613 0012471 0 ustar 00 <?php /** * Facilitates adding of the WordPress editor as used on the Write and Edit screens. * * @package WordPress * @since 3.3.0 * * Private, not included by default. See wp_editor() in wp-includes/general-template.php. */ #[AllowDynamicProperties] final class _WP_Editors { public static $mce_locale; private static $mce_settings = array(); private static $qt_settings = array(); private static $plugins = array(); private static $qt_buttons = array(); private static $ext_plugins; private static $baseurl; private static $first_init; private static $this_tinymce = false; private static $this_quicktags = false; private static $has_tinymce = false; private static $has_quicktags = false; private static $has_medialib = false; private static $editor_buttons_css = true; private static $drag_drop_upload = false; private static $translation; private static $tinymce_scripts_printed = false; private static $link_dialog_printed = false; private function __construct() {} /** * Parse default arguments for the editor instance. * * @since 3.3.0 * * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings { * Array of editor arguments. * * @type bool $wpautop Whether to use wpautop(). Default true. * @type bool $media_buttons Whether to show the Add Media/other media buttons. * @type string $default_editor When both TinyMCE and Quicktags are used, set which * editor is shown on page load. Default empty. * @type bool $drag_drop_upload Whether to enable drag & drop on the editor uploading. Default false. * Requires the media modal. * @type string $textarea_name Give the textarea a unique name here. Square brackets * can be used here. Default $editor_id. * @type int $textarea_rows Number rows in the editor textarea. Default 20. * @type string|int $tabindex Tabindex value to use. Default empty. * @type string $tabfocus_elements The previous and next element ID to move the focus to * when pressing the Tab key in TinyMCE. Default ':prev,:next'. * @type string $editor_css Intended for extra styles for both Visual and Code editors. * Should include `<style>` tags, and can use "scoped". Default empty. * @type string $editor_class Extra classes to add to the editor textarea element. Default empty. * @type bool $teeny Whether to output the minimal editor config. Examples include * Press This and the Comment editor. Default false. * @type bool $dfw Deprecated in 4.1. Unused. * @type bool|array $tinymce Whether to load TinyMCE. Can be used to pass settings directly to * TinyMCE using an array. Default true. * @type bool|array $quicktags Whether to load Quicktags. Can be used to pass settings directly to * Quicktags using an array. Default true. * } * @return array Parsed arguments array. */ public static function parse_settings( $editor_id, $settings ) { /** * Filters the wp_editor() settings. * * @since 4.0.0 * * @see _WP_Editors::parse_settings() * * @param array $settings Array of editor arguments. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $settings = apply_filters( 'wp_editor_settings', $settings, $editor_id ); $set = wp_parse_args( $settings, array( // Disable autop if the current post has blocks in it. 'wpautop' => ! has_blocks(), 'media_buttons' => true, 'default_editor' => '', 'drag_drop_upload' => false, 'textarea_name' => $editor_id, 'textarea_rows' => 20, 'tabindex' => '', 'tabfocus_elements' => ':prev,:next', 'editor_css' => '', 'editor_class' => '', 'teeny' => false, '_content_editor_dfw' => false, 'tinymce' => true, 'quicktags' => true, ) ); self::$this_tinymce = ( $set['tinymce'] && user_can_richedit() ); if ( self::$this_tinymce ) { if ( str_contains( $editor_id, '[' ) ) { self::$this_tinymce = false; _deprecated_argument( 'wp_editor()', '3.9.0', 'TinyMCE editor IDs cannot have brackets.' ); } } self::$this_quicktags = (bool) $set['quicktags']; if ( self::$this_tinymce ) { self::$has_tinymce = true; } if ( self::$this_quicktags ) { self::$has_quicktags = true; } if ( empty( $set['editor_height'] ) ) { return $set; } if ( 'content' === $editor_id && empty( $set['tinymce']['wp_autoresize_on'] ) ) { // A cookie (set when a user resizes the editor) overrides the height. $cookie = (int) get_user_setting( 'ed_size' ); if ( $cookie ) { $set['editor_height'] = $cookie; } } if ( $set['editor_height'] < 50 ) { $set['editor_height'] = 50; } elseif ( $set['editor_height'] > 5000 ) { $set['editor_height'] = 5000; } return $set; } /** * Outputs the HTML for a single instance of the editor. * * @since 3.3.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @param string $content Initial content for the editor. * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings See _WP_Editors::parse_settings() for description. */ public static function editor( $content, $editor_id, $settings = array() ) { $set = self::parse_settings( $editor_id, $settings ); $editor_class = ' class="' . trim( esc_attr( $set['editor_class'] ) . ' wp-editor-area' ) . '"'; $tabindex = $set['tabindex'] ? ' tabindex="' . (int) $set['tabindex'] . '"' : ''; $default_editor = 'html'; $buttons = ''; $autocomplete = ''; $editor_id_attr = esc_attr( $editor_id ); if ( $set['drag_drop_upload'] ) { self::$drag_drop_upload = true; } if ( ! empty( $set['editor_height'] ) ) { $height = ' style="height: ' . (int) $set['editor_height'] . 'px"'; } else { $height = ' rows="' . (int) $set['textarea_rows'] . '"'; } if ( ! current_user_can( 'upload_files' ) ) { $set['media_buttons'] = false; } if ( self::$this_tinymce ) { $autocomplete = ' autocomplete="off"'; if ( self::$this_quicktags ) { $default_editor = $set['default_editor'] ? $set['default_editor'] : wp_default_editor(); // 'html' is used for the "Code" editor tab. if ( 'html' !== $default_editor ) { $default_editor = 'tinymce'; } $tmce_active = ( 'html' === $default_editor ) ? ' aria-pressed="true"' : ''; $html_active = ( 'html' === $default_editor ) ? '' : ' aria-pressed="true"'; $buttons .= '<button type="button" id="' . $editor_id_attr . '-tmce"' . $html_active . ' class="wp-switch-editor switch-tmce"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Visual', 'Name for the Visual editor tab' ) . "</button>\n"; $buttons .= '<button type="button" id="' . $editor_id_attr . '-html"' . $tmce_active . ' class="wp-switch-editor switch-html"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Code', 'Name for the Code editor tab (formerly Text)' ) . "</button>\n"; } else { $default_editor = 'tinymce'; } } $switch_class = 'html' === $default_editor ? 'html-active' : 'tmce-active'; $wrap_class = 'wp-core-ui wp-editor-wrap ' . $switch_class; if ( $set['_content_editor_dfw'] ) { $wrap_class .= ' has-dfw'; } echo '<div id="wp-' . $editor_id_attr . '-wrap" class="' . $wrap_class . '">'; if ( self::$editor_buttons_css ) { wp_print_styles( 'editor-buttons' ); self::$editor_buttons_css = false; } if ( ! empty( $set['editor_css'] ) ) { echo $set['editor_css'] . "\n"; } if ( ! empty( $buttons ) || $set['media_buttons'] ) { echo '<div id="wp-' . $editor_id_attr . '-editor-tools" class="wp-editor-tools hide-if-no-js">'; if ( $set['media_buttons'] ) { self::$has_medialib = true; if ( ! function_exists( 'media_buttons' ) ) { require ABSPATH . 'wp-admin/includes/media.php'; } echo '<div id="wp-' . $editor_id_attr . '-media-buttons" class="wp-media-buttons">'; /** * Fires after the default media button(s) are displayed. * * @since 2.5.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. */ do_action( 'media_buttons', $editor_id ); echo "</div>\n"; } echo '<div class="wp-editor-tabs">' . $buttons . "</div>\n"; echo "</div>\n"; } $quicktags_toolbar = ''; if ( self::$this_quicktags ) { if ( 'content' === $editor_id && ! empty( $GLOBALS['current_screen'] ) && 'post' === $GLOBALS['current_screen']->base ) { $toolbar_id = 'ed_toolbar'; } else { $toolbar_id = 'qt_' . $editor_id_attr . '_toolbar'; } $quicktags_toolbar = '<div id="' . $toolbar_id . '" class="quicktags-toolbar hide-if-no-js"></div>'; } /** * Filters the HTML markup output that displays the editor. * * @since 2.1.0 * * @param string $output Editor's HTML markup. */ $the_editor = apply_filters( 'the_editor', '<div id="wp-' . $editor_id_attr . '-editor-container" class="wp-editor-container">' . $quicktags_toolbar . '<textarea' . $editor_class . $height . $tabindex . $autocomplete . ' cols="40" name="' . esc_attr( $set['textarea_name'] ) . '" ' . 'id="' . $editor_id_attr . '">%s</textarea></div>' ); // Prepare the content for the Visual or Code editor, only when TinyMCE is used (back-compat). if ( self::$this_tinymce ) { add_filter( 'the_editor_content', 'format_for_editor', 10, 2 ); } /** * Filters the default editor content. * * @since 2.1.0 * * @param string $content Default editor content. * @param string $default_editor The default editor for the current user. * Either 'html' or 'tinymce'. */ $content = apply_filters( 'the_editor_content', $content, $default_editor ); // Remove the filter as the next editor on the same page may not need it. if ( self::$this_tinymce ) { remove_filter( 'the_editor_content', 'format_for_editor' ); } // Back-compat for the `htmledit_pre` and `richedit_pre` filters. if ( 'html' === $default_editor && has_filter( 'htmledit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'htmledit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } elseif ( 'tinymce' === $default_editor && has_filter( 'richedit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'richedit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } if ( false !== stripos( $content, 'textarea' ) ) { $content = preg_replace( '%</textarea%i', '</textarea', $content ); } printf( $the_editor, $content ); echo "\n</div>\n\n"; self::editor_settings( $editor_id, $set ); } /** * @since 3.3.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. * @param array $set Array of editor arguments. */ public static function editor_settings( $editor_id, $set ) { if ( empty( self::$first_init ) ) { if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } } if ( self::$this_quicktags ) { $qt_init = array( 'id' => $editor_id, 'buttons' => '', ); if ( is_array( $set['quicktags'] ) ) { $qt_init = array_merge( $qt_init, $set['quicktags'] ); } if ( empty( $qt_init['buttons'] ) ) { $qt_init['buttons'] = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close'; } if ( $set['_content_editor_dfw'] ) { $qt_init['buttons'] .= ',dfw'; } /** * Filters the Quicktags settings. * * @since 3.3.0 * * @param array $qt_init Quicktags settings. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $qt_init = apply_filters( 'quicktags_settings', $qt_init, $editor_id ); self::$qt_settings[ $editor_id ] = $qt_init; self::$qt_buttons = array_merge( self::$qt_buttons, explode( ',', $qt_init['buttons'] ) ); } if ( self::$this_tinymce ) { if ( empty( self::$first_init ) ) { $baseurl = self::get_baseurl(); $mce_locale = self::get_mce_locale(); $ext_plugins = ''; if ( $set['teeny'] ) { /** * Filters the list of teenyMCE plugins. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of teenyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $plugins = apply_filters( 'teeny_mce_plugins', array( 'colorpicker', 'lists', 'fullscreen', 'image', 'wordpress', 'wpeditimage', 'wplink', ), $editor_id ); } else { /** * Filters the list of TinyMCE external plugins. * * The filter takes an associative array of external plugins for * TinyMCE in the form 'plugin_name' => 'url'. * * The url should be absolute, and should include the js filename * to be loaded. For example: * 'myplugin' => 'http://mysite.com/wp-content/plugins/myfolder/mce_plugin.js'. * * If the external plugin adds a button, it should be added with * one of the 'mce_buttons' filters. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $external_plugins An array of external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_external_plugins = apply_filters( 'mce_external_plugins', array(), $editor_id ); $plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); if ( ! self::$has_medialib ) { $plugins[] = 'image'; } /** * Filters the list of default TinyMCE plugins. * * The filter specifies which of the default plugins included * in WordPress should be added to the TinyMCE instance. * * @since 3.3.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of default TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $plugins = array_unique( apply_filters( 'tiny_mce_plugins', $plugins, $editor_id ) ); $key = array_search( 'spellchecker', $plugins, true ); if ( false !== $key ) { /* * Remove 'spellchecker' from the internal plugins if added with 'tiny_mce_plugins' filter to prevent errors. * It can be added with 'mce_external_plugins'. */ unset( $plugins[ $key ] ); } if ( ! empty( $mce_external_plugins ) ) { /** * Filters the translations loaded for external TinyMCE 3.x plugins. * * The filter takes an associative array ('plugin_name' => 'path') * where 'path' is the include path to the file. * * The language file should follow the same format as wp_mce_translation(), * and should define a variable ($strings) that holds all translated strings. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $translations Translations for external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_external_languages = apply_filters( 'mce_external_languages', array(), $editor_id ); $loaded_langs = array(); $strings = ''; if ( ! empty( $mce_external_languages ) ) { foreach ( $mce_external_languages as $name => $path ) { if ( @is_file( $path ) && @is_readable( $path ) ) { include_once $path; $ext_plugins .= $strings . "\n"; $loaded_langs[] = $name; } } } foreach ( $mce_external_plugins as $name => $url ) { if ( in_array( $name, $plugins, true ) ) { unset( $mce_external_plugins[ $name ] ); continue; } $url = set_url_scheme( $url ); $mce_external_plugins[ $name ] = $url; $plugurl = dirname( $url ); $strings = ''; // Try to load langs/[locale].js and langs/[locale]_dlg.js. if ( ! in_array( $name, $loaded_langs, true ) ) { $path = str_replace( content_url(), '', $plugurl ); $path = realpath( WP_CONTENT_DIR . $path . '/langs/' ); if ( ! $path ) { continue; } $path = trailingslashit( $path ); if ( @is_file( $path . $mce_locale . '.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '.js' ) . "\n"; } if ( @is_file( $path . $mce_locale . '_dlg.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '_dlg.js' ) . "\n"; } if ( 'en' !== $mce_locale && empty( $strings ) ) { if ( @is_file( $path . 'en.js' ) ) { $str1 = @file_get_contents( $path . 'en.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n"; } if ( @is_file( $path . 'en_dlg.js' ) ) { $str2 = @file_get_contents( $path . 'en_dlg.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n"; } } if ( ! empty( $strings ) ) { $ext_plugins .= "\n" . $strings . "\n"; } } $ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n"; } } } self::$plugins = $plugins; self::$ext_plugins = $ext_plugins; $settings = self::default_settings(); $settings['plugins'] = implode( ',', $plugins ); if ( ! empty( $mce_external_plugins ) ) { $settings['external_plugins'] = wp_json_encode( $mce_external_plugins ); } /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $settings['wpeditimage_disable_captions'] = true; } $mce_css = $settings['content_css']; /* * The `editor-style.css` added by the theme is generally intended for the editor instance on the Edit Post screen. * Plugins that use wp_editor() on the front-end can decide whether to add the theme stylesheet * by using `get_editor_stylesheets()` and the `mce_css` or `tiny_mce_before_init` filters, see below. */ if ( is_admin() ) { $editor_styles = get_editor_stylesheets(); if ( ! empty( $editor_styles ) ) { // Force urlencoding of commas. foreach ( $editor_styles as $key => $url ) { if ( str_contains( $url, ',' ) ) { $editor_styles[ $key ] = str_replace( ',', '%2C', $url ); } } $mce_css .= ',' . implode( ',', $editor_styles ); } } /** * Filters the comma-delimited list of stylesheets to load in TinyMCE. * * @since 2.1.0 * * @param string $stylesheets Comma-delimited list of stylesheets. */ $mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' ); if ( ! empty( $mce_css ) ) { $settings['content_css'] = $mce_css; } else { unset( $settings['content_css'] ); } self::$first_init = $settings; } if ( $set['teeny'] ) { $mce_buttons = array( 'bold', 'italic', 'underline', 'blockquote', 'strikethrough', 'bullist', 'numlist', 'alignleft', 'aligncenter', 'alignright', 'undo', 'redo', 'link', 'fullscreen', ); /** * Filters the list of teenyMCE buttons (Code tab). * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons An array of teenyMCE buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_buttons = apply_filters( 'teeny_mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array(); $mce_buttons_3 = array(); $mce_buttons_4 = array(); } else { $mce_buttons = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'wp_more', 'spellchecker', ); if ( ! wp_is_mobile() ) { if ( $set['_content_editor_dfw'] ) { $mce_buttons[] = 'wp_adv'; $mce_buttons[] = 'dfw'; } else { $mce_buttons[] = 'fullscreen'; $mce_buttons[] = 'wp_adv'; } } else { $mce_buttons[] = 'wp_adv'; } /** * Filters the first-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons First-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons = apply_filters( 'mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', ); if ( ! wp_is_mobile() ) { $mce_buttons_2[] = 'wp_help'; } /** * Filters the second-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_2 Second-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_2 = apply_filters( 'mce_buttons_2', $mce_buttons_2, $editor_id ); /** * Filters the third-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_3 Third-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_3 = apply_filters( 'mce_buttons_3', array(), $editor_id ); /** * Filters the fourth-row list of TinyMCE buttons (Visual tab). * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_4 Fourth-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_4 = apply_filters( 'mce_buttons_4', array(), $editor_id ); } $body_class = $editor_id; $post = get_post(); if ( $post ) { $body_class .= ' post-type-' . sanitize_html_class( $post->post_type ) . ' post-status-' . sanitize_html_class( $post->post_status ); if ( post_type_supports( $post->post_type, 'post-formats' ) ) { $post_format = get_post_format( $post ); if ( $post_format && ! is_wp_error( $post_format ) ) { $body_class .= ' post-format-' . sanitize_html_class( $post_format ); } else { $body_class .= ' post-format-standard'; } } $page_template = get_page_template_slug( $post ); if ( false !== $page_template ) { $page_template = empty( $page_template ) ? 'default' : str_replace( '.', '-', basename( $page_template, '.php' ) ); $body_class .= ' page-template-' . sanitize_html_class( $page_template ); } } $body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); if ( ! empty( $set['tinymce']['body_class'] ) ) { $body_class .= ' ' . $set['tinymce']['body_class']; unset( $set['tinymce']['body_class'] ); } $mce_init = array( 'selector' => "#$editor_id", 'wpautop' => (bool) $set['wpautop'], 'indent' => ! $set['wpautop'], 'toolbar1' => implode( ',', $mce_buttons ), 'toolbar2' => implode( ',', $mce_buttons_2 ), 'toolbar3' => implode( ',', $mce_buttons_3 ), 'toolbar4' => implode( ',', $mce_buttons_4 ), 'tabfocus_elements' => $set['tabfocus_elements'], 'body_class' => $body_class, ); // Merge with the first part of the init array. $mce_init = array_merge( self::$first_init, $mce_init ); if ( is_array( $set['tinymce'] ) ) { $mce_init = array_merge( $mce_init, $set['tinymce'] ); } /* * For people who really REALLY know what they're doing with TinyMCE * You can modify $mceInit to add, remove, change elements of the config * before tinyMCE.init. Setting "valid_elements", "invalid_elements" * and "extended_valid_elements" can be done through this filter. Best * is to use the default cleanup by not specifying valid_elements, * as TinyMCE checks against the full set of HTML 5.0 elements and attributes. */ if ( $set['teeny'] ) { /** * Filters the teenyMCE config before init. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with teenyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_init = apply_filters( 'teeny_mce_before_init', $mce_init, $editor_id ); } else { /** * Filters the TinyMCE config before init. * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with TinyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_init = apply_filters( 'tiny_mce_before_init', $mce_init, $editor_id ); } if ( empty( $mce_init['toolbar3'] ) && ! empty( $mce_init['toolbar4'] ) ) { $mce_init['toolbar3'] = $mce_init['toolbar4']; $mce_init['toolbar4'] = ''; } self::$mce_settings[ $editor_id ] = $mce_init; } // End if self::$this_tinymce. } /** * @since 3.3.0 * * @param array $init * @return string */ private static function _parse_init( $init ) { $options = ''; foreach ( $init as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $options .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $options .= $key . ':' . $value . ','; continue; } $options .= $key . ':"' . $value . '",'; } return '{' . trim( $options, ' ,' ) . '}'; } /** * @since 3.3.0 * * @param bool $default_scripts Optional. Whether default scripts should be enqueued. Default false. */ public static function enqueue_scripts( $default_scripts = false ) { if ( $default_scripts || self::$has_tinymce ) { wp_enqueue_script( 'editor' ); } if ( $default_scripts || self::$has_quicktags ) { wp_enqueue_script( 'quicktags' ); wp_enqueue_style( 'buttons' ); } if ( $default_scripts || in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { wp_enqueue_script( 'wplink' ); wp_enqueue_script( 'jquery-ui-autocomplete' ); } if ( self::$has_medialib ) { add_thickbox(); wp_enqueue_script( 'media-upload' ); wp_enqueue_script( 'wp-embed' ); } elseif ( $default_scripts ) { wp_enqueue_script( 'media-upload' ); } /** * Fires when scripts and styles are enqueued for the editor. * * @since 3.9.0 * * @param array $to_load An array containing boolean values whether TinyMCE * and Quicktags are being loaded. */ do_action( 'wp_enqueue_editor', array( 'tinymce' => ( $default_scripts || self::$has_tinymce ), 'quicktags' => ( $default_scripts || self::$has_quicktags ), ) ); } /** * Enqueue all editor scripts. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function enqueue_default_editor() { // We are past the point where scripts can be enqueued properly. if ( did_action( 'wp_enqueue_editor' ) ) { return; } self::enqueue_scripts( true ); // Also add wp-includes/css/editor.css. wp_enqueue_style( 'editor-buttons' ); if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } } /** * Print (output) all editor scripts and default settings. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function print_default_editor_scripts() { $user_can_richedit = user_can_richedit(); if ( $user_can_richedit ) { $settings = self::default_settings(); $settings['toolbar1'] = 'bold,italic,bullist,numlist,link'; $settings['wpautop'] = false; $settings['indent'] = true; $settings['elementpath'] = false; if ( is_rtl() ) { $settings['directionality'] = 'rtl'; } /* * In production all plugins are loaded (they are in wp-editor.js.gz). * The 'wpview', 'wpdialogs', and 'media' TinyMCE plugins are not initialized by default. * Can be added from js by using the 'wp-before-tinymce-init' event. */ $settings['plugins'] = implode( ',', array( 'charmap', 'colorpicker', 'hr', 'lists', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wptextpattern', ) ); $settings = self::_parse_init( $settings ); } else { $settings = '{}'; } ?> <script type="text/javascript"> window.wp = window.wp || {}; window.wp.editor = window.wp.editor || {}; window.wp.editor.getDefaultSettings = function() { return { tinymce: <?php echo $settings; ?>, quicktags: { buttons: 'strong,em,link,ul,ol,li,code' } }; }; <?php if ( $user_can_richedit ) { $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); ?> var tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", mceInit: {}, qtInit: {}, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; <?php } ?> </script> <?php if ( $user_can_richedit ) { self::print_tinymce_scripts(); } /** * Fires when the editor scripts are loaded for later initialization, * after all scripts and settings are printed. * * @since 4.8.0 */ do_action( 'print_default_editor_scripts' ); self::wp_link_dialog(); } /** * Returns the TinyMCE locale. * * @since 4.8.0 * * @return string */ public static function get_mce_locale() { if ( empty( self::$mce_locale ) ) { $mce_locale = get_user_locale(); self::$mce_locale = empty( $mce_locale ) ? 'en' : strtolower( substr( $mce_locale, 0, 2 ) ); // ISO 639-1. } return self::$mce_locale; } /** * Returns the TinyMCE base URL. * * @since 4.8.0 * * @return string */ public static function get_baseurl() { if ( empty( self::$baseurl ) ) { self::$baseurl = includes_url( 'js/tinymce' ); } return self::$baseurl; } /** * Returns the default TinyMCE settings. * Doesn't include plugins, buttons, editor selector. * * @since 4.8.0 * * @global string $tinymce_version * * @return array */ private static function default_settings() { global $tinymce_version; $shortcut_labels = array(); foreach ( self::get_translation() as $name => $value ) { if ( is_array( $value ) ) { $shortcut_labels[ $name ] = $value[1]; } } $settings = array( 'theme' => 'modern', 'skin' => 'lightgray', 'language' => self::get_mce_locale(), 'formats' => '{' . 'alignleft: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"left"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignleft"}' . '],' . 'aligncenter: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"center"}},' . '{selector: "img,table,dl.wp-caption", classes: "aligncenter"}' . '],' . 'alignright: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"right"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignright"}' . '],' . 'strikethrough: {inline: "del"}' . '}', 'relative_urls' => false, 'remove_script_host' => false, 'convert_urls' => false, 'browser_spellcheck' => true, 'fix_list_elements' => true, 'entities' => '38,amp,60,lt,62,gt', 'entity_encoding' => 'raw', 'keep_styles' => false, 'cache_suffix' => 'wp-mce-' . $tinymce_version, 'resize' => 'vertical', 'menubar' => false, 'branding' => false, // Limit the preview styles in the menu/toolbar. 'preview_styles' => 'font-family font-size font-weight font-style text-decoration text-transform', 'end_container_on_empty_block' => true, 'wpeditimage_html5_captions' => true, 'wp_lang_attr' => get_bloginfo( 'language' ), 'wp_shortcut_labels' => wp_json_encode( $shortcut_labels ), ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $version = 'ver=' . get_bloginfo( 'version' ); // Default stylesheets. $settings['content_css'] = includes_url( "css/dashicons$suffix.css?$version" ) . ',' . includes_url( "js/tinymce/skins/wordpress/wp-content.css?$version" ); return $settings; } /** * @since 4.7.0 * * @return array */ private static function get_translation() { if ( empty( self::$translation ) ) { self::$translation = array( // Default TinyMCE strings. 'New document' => __( 'New document' ), 'Formats' => _x( 'Formats', 'TinyMCE' ), 'Headings' => _x( 'Headings', 'TinyMCE' ), 'Heading 1' => array( __( 'Heading 1' ), 'access1' ), 'Heading 2' => array( __( 'Heading 2' ), 'access2' ), 'Heading 3' => array( __( 'Heading 3' ), 'access3' ), 'Heading 4' => array( __( 'Heading 4' ), 'access4' ), 'Heading 5' => array( __( 'Heading 5' ), 'access5' ), 'Heading 6' => array( __( 'Heading 6' ), 'access6' ), /* translators: Block tags. */ 'Blocks' => _x( 'Blocks', 'TinyMCE' ), 'Paragraph' => array( __( 'Paragraph' ), 'access7' ), 'Blockquote' => array( __( 'Blockquote' ), 'accessQ' ), 'Div' => _x( 'Div', 'HTML tag' ), 'Pre' => _x( 'Pre', 'HTML tag' ), 'Preformatted' => _x( 'Preformatted', 'HTML tag' ), 'Address' => _x( 'Address', 'HTML tag' ), 'Inline' => _x( 'Inline', 'HTML elements' ), 'Underline' => array( __( 'Underline' ), 'metaU' ), 'Strikethrough' => array( __( 'Strikethrough' ), 'accessD' ), 'Subscript' => __( 'Subscript' ), 'Superscript' => __( 'Superscript' ), 'Clear formatting' => __( 'Clear formatting' ), 'Bold' => array( __( 'Bold' ), 'metaB' ), 'Italic' => array( __( 'Italic' ), 'metaI' ), 'Code' => array( __( 'Code' ), 'accessX' ), 'Source code' => __( 'Source code' ), 'Font Family' => __( 'Font Family' ), 'Font Sizes' => __( 'Font Sizes' ), 'Align center' => array( __( 'Align center' ), 'accessC' ), 'Align right' => array( __( 'Align right' ), 'accessR' ), 'Align left' => array( __( 'Align left' ), 'accessL' ), 'Justify' => array( __( 'Justify' ), 'accessJ' ), 'Increase indent' => __( 'Increase indent' ), 'Decrease indent' => __( 'Decrease indent' ), 'Cut' => array( __( 'Cut' ), 'metaX' ), 'Copy' => array( __( 'Copy' ), 'metaC' ), 'Paste' => array( __( 'Paste' ), 'metaV' ), 'Select all' => array( __( 'Select all' ), 'metaA' ), 'Undo' => array( __( 'Undo' ), 'metaZ' ), 'Redo' => array( __( 'Redo' ), 'metaY' ), 'Ok' => __( 'OK' ), 'Cancel' => __( 'Cancel' ), 'Close' => __( 'Close' ), 'Visual aids' => __( 'Visual aids' ), 'Bullet list' => array( __( 'Bulleted list' ), 'accessU' ), 'Numbered list' => array( __( 'Numbered list' ), 'accessO' ), 'Square' => _x( 'Square', 'list style' ), 'Default' => _x( 'Default', 'list style' ), 'Circle' => _x( 'Circle', 'list style' ), 'Disc' => _x( 'Disc', 'list style' ), 'Lower Greek' => _x( 'Lower Greek', 'list style' ), 'Lower Alpha' => _x( 'Lower Alpha', 'list style' ), 'Upper Alpha' => _x( 'Upper Alpha', 'list style' ), 'Upper Roman' => _x( 'Upper Roman', 'list style' ), 'Lower Roman' => _x( 'Lower Roman', 'list style' ), // Anchor plugin. 'Name' => _x( 'Name', 'Name of link anchor (TinyMCE)' ), 'Anchor' => _x( 'Anchor', 'Link anchor (TinyMCE)' ), 'Anchors' => _x( 'Anchors', 'Link anchors (TinyMCE)' ), 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' => __( 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' ), 'Id' => _x( 'Id', 'Id for link anchor (TinyMCE)' ), // Fullpage plugin. 'Document properties' => __( 'Document properties' ), 'Robots' => __( 'Robots' ), 'Title' => __( 'Title' ), 'Keywords' => __( 'Keywords' ), 'Encoding' => __( 'Encoding' ), 'Description' => __( 'Description' ), 'Author' => __( 'Author' ), // Media, image plugins. 'Image' => __( 'Image' ), 'Insert/edit image' => array( __( 'Insert/edit image' ), 'accessM' ), 'General' => __( 'General' ), 'Advanced' => __( 'Advanced' ), 'Source' => __( 'Source' ), 'Border' => __( 'Border' ), 'Constrain proportions' => __( 'Constrain proportions' ), 'Vertical space' => __( 'Vertical space' ), 'Image description' => __( 'Image description' ), 'Style' => __( 'Style' ), 'Dimensions' => __( 'Dimensions' ), 'Insert image' => __( 'Insert image' ), 'Date/time' => __( 'Date/time' ), 'Insert date/time' => __( 'Insert date/time' ), 'Table of Contents' => __( 'Table of Contents' ), 'Insert/Edit code sample' => __( 'Insert/edit code sample' ), 'Language' => __( 'Language' ), 'Media' => __( 'Media' ), 'Insert/edit media' => __( 'Insert/edit media' ), 'Poster' => __( 'Poster' ), 'Alternative source' => __( 'Alternative source' ), 'Paste your embed code below:' => __( 'Paste your embed code below:' ), 'Insert video' => __( 'Insert video' ), 'Embed' => __( 'Embed' ), // Each of these have a corresponding plugin. 'Special character' => __( 'Special character' ), 'Right to left' => _x( 'Right to left', 'editor button' ), 'Left to right' => _x( 'Left to right', 'editor button' ), 'Emoticons' => __( 'Emoticons' ), 'Nonbreaking space' => __( 'Nonbreaking space' ), 'Page break' => __( 'Page break' ), 'Paste as text' => __( 'Paste as text' ), 'Preview' => __( 'Preview' ), 'Print' => __( 'Print' ), 'Save' => __( 'Save' ), 'Fullscreen' => __( 'Fullscreen' ), 'Horizontal line' => __( 'Horizontal line' ), 'Horizontal space' => __( 'Horizontal space' ), 'Restore last draft' => __( 'Restore last draft' ), 'Insert/edit link' => array( __( 'Insert/edit link' ), 'metaK' ), 'Remove link' => array( __( 'Remove link' ), 'accessS' ), // Link plugin. 'Link' => __( 'Link' ), 'Insert link' => __( 'Insert link' ), 'Target' => __( 'Target' ), 'New window' => __( 'New window' ), 'Text to display' => __( 'Text to display' ), 'Url' => __( 'URL' ), 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' => __( 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' ), 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' => __( 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' ), 'Color' => __( 'Color' ), 'Custom color' => __( 'Custom color' ), 'Custom...' => _x( 'Custom...', 'label for custom color' ), // No ellipsis. 'No color' => __( 'No color' ), 'R' => _x( 'R', 'Short for red in RGB' ), 'G' => _x( 'G', 'Short for green in RGB' ), 'B' => _x( 'B', 'Short for blue in RGB' ), // Spelling, search/replace plugins. 'Could not find the specified string.' => __( 'Could not find the specified string.' ), 'Replace' => _x( 'Replace', 'find/replace' ), 'Next' => _x( 'Next', 'find/replace' ), /* translators: Previous. */ 'Prev' => _x( 'Prev', 'find/replace' ), 'Whole words' => _x( 'Whole words', 'find/replace' ), 'Find and replace' => __( 'Find and replace' ), 'Replace with' => _x( 'Replace with', 'find/replace' ), 'Find' => _x( 'Find', 'find/replace' ), 'Replace all' => _x( 'Replace all', 'find/replace' ), 'Match case' => __( 'Match case' ), 'Spellcheck' => __( 'Check Spelling' ), 'Finish' => _x( 'Finish', 'spellcheck' ), 'Ignore all' => _x( 'Ignore all', 'spellcheck' ), 'Ignore' => _x( 'Ignore', 'spellcheck' ), 'Add to Dictionary' => __( 'Add to Dictionary' ), // TinyMCE tables. 'Insert table' => __( 'Insert table' ), 'Delete table' => __( 'Delete table' ), 'Table properties' => __( 'Table properties' ), 'Row properties' => __( 'Table row properties' ), 'Cell properties' => __( 'Table cell properties' ), 'Border color' => __( 'Border color' ), 'Row' => __( 'Row' ), 'Rows' => __( 'Rows' ), 'Column' => __( 'Column' ), 'Cols' => __( 'Columns' ), 'Cell' => _x( 'Cell', 'table cell' ), 'Header cell' => __( 'Header cell' ), 'Header' => _x( 'Header', 'table header' ), 'Body' => _x( 'Body', 'table body' ), 'Footer' => _x( 'Footer', 'table footer' ), 'Insert row before' => __( 'Insert row before' ), 'Insert row after' => __( 'Insert row after' ), 'Insert column before' => __( 'Insert column before' ), 'Insert column after' => __( 'Insert column after' ), 'Paste row before' => __( 'Paste table row before' ), 'Paste row after' => __( 'Paste table row after' ), 'Delete row' => __( 'Delete row' ), 'Delete column' => __( 'Delete column' ), 'Cut row' => __( 'Cut table row' ), 'Copy row' => __( 'Copy table row' ), 'Merge cells' => __( 'Merge table cells' ), 'Split cell' => __( 'Split table cell' ), 'Height' => __( 'Height' ), 'Width' => __( 'Width' ), 'Caption' => __( 'Caption' ), 'Alignment' => __( 'Alignment' ), 'H Align' => _x( 'H Align', 'horizontal table cell alignment' ), 'Left' => __( 'Left' ), 'Center' => __( 'Center' ), 'Right' => __( 'Right' ), 'None' => _x( 'None', 'table cell alignment attribute' ), 'V Align' => _x( 'V Align', 'vertical table cell alignment' ), 'Top' => __( 'Top' ), 'Middle' => __( 'Middle' ), 'Bottom' => __( 'Bottom' ), 'Row group' => __( 'Row group' ), 'Column group' => __( 'Column group' ), 'Row type' => __( 'Row type' ), 'Cell type' => __( 'Cell type' ), 'Cell padding' => __( 'Cell padding' ), 'Cell spacing' => __( 'Cell spacing' ), 'Scope' => _x( 'Scope', 'table cell scope attribute' ), 'Insert template' => _x( 'Insert template', 'TinyMCE' ), 'Templates' => _x( 'Templates', 'TinyMCE' ), 'Background color' => __( 'Background color' ), 'Text color' => __( 'Text color' ), 'Show blocks' => _x( 'Show blocks', 'editor button' ), 'Show invisible characters' => __( 'Show invisible characters' ), /* translators: Word count. */ 'Words: {0}' => sprintf( __( 'Words: %s' ), '{0}' ), 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' => __( 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' ) . "\n\n" . __( 'If you are looking to paste rich content from Microsoft Word, try turning this option off. The editor will clean up text pasted from Word automatically.' ), 'Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help' => __( 'Rich Text Area. Press Alt-Shift-H for help.' ), 'Rich Text Area. Press Control-Option-H for help.' => __( 'Rich Text Area. Press Control-Option-H for help.' ), 'You have unsaved changes are you sure you want to navigate away?' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'Your browser doesn\'t support direct access to the clipboard. Please use the Ctrl+X/C/V keyboard shortcuts instead.' => __( 'Your browser does not support direct access to the clipboard. Please use keyboard shortcuts or your browser’s edit menu instead.' ), // TinyMCE menus. 'Insert' => _x( 'Insert', 'TinyMCE menu' ), 'File' => _x( 'File', 'TinyMCE menu' ), 'Edit' => _x( 'Edit', 'TinyMCE menu' ), 'Tools' => _x( 'Tools', 'TinyMCE menu' ), 'View' => _x( 'View', 'TinyMCE menu' ), 'Table' => _x( 'Table', 'TinyMCE menu' ), 'Format' => _x( 'Format', 'TinyMCE menu' ), // WordPress strings. 'Toolbar Toggle' => array( __( 'Toolbar Toggle' ), 'accessZ' ), 'Insert Read More tag' => array( __( 'Insert Read More tag' ), 'accessT' ), 'Insert Page Break tag' => array( __( 'Insert Page Break tag' ), 'accessP' ), 'Read more...' => __( 'Read more...' ), // Title on the placeholder inside the editor (no ellipsis). 'Distraction-free writing mode' => array( __( 'Distraction-free writing mode' ), 'accessW' ), 'No alignment' => __( 'No alignment' ), // Tooltip for the 'alignnone' button in the image toolbar. 'Remove' => __( 'Remove' ), // Tooltip for the 'remove' button in the image toolbar. 'Edit|button' => __( 'Edit' ), // Tooltip for the 'edit' button in the image toolbar. 'Paste URL or type to search' => __( 'Paste URL or type to search' ), // Placeholder for the inline link dialog. 'Apply' => __( 'Apply' ), // Tooltip for the 'apply' button in the inline link dialog. 'Link options' => __( 'Link options' ), // Tooltip for the 'link options' button in the inline link dialog. 'Visual' => _x( 'Visual', 'Name for the Visual editor tab' ), // Editor switch tab label. 'Code|tab' => _x( 'Code', 'Name for the Code editor tab (formerly Text)' ), // Editor switch tab label. 'Add Media' => array( __( 'Add Media' ), 'accessM' ), // Tooltip for the 'Add Media' button in the block editor Classic block. // Shortcuts help modal. 'Keyboard Shortcuts' => array( __( 'Keyboard Shortcuts' ), 'accessH' ), 'Classic Block Keyboard Shortcuts' => __( 'Classic Block Keyboard Shortcuts' ), 'Default shortcuts,' => __( 'Default shortcuts,' ), 'Additional shortcuts,' => __( 'Additional shortcuts,' ), 'Focus shortcuts:' => __( 'Focus shortcuts:' ), 'Inline toolbar (when an image, link or preview is selected)' => __( 'Inline toolbar (when an image, link or preview is selected)' ), 'Editor menu (when enabled)' => __( 'Editor menu (when enabled)' ), 'Editor toolbar' => __( 'Editor toolbar' ), 'Elements path' => __( 'Elements path' ), 'Ctrl + Alt + letter:' => __( 'Ctrl + Alt + letter:' ), 'Shift + Alt + letter:' => __( 'Shift + Alt + letter:' ), 'Cmd + letter:' => __( 'Cmd + letter:' ), 'Ctrl + letter:' => __( 'Ctrl + letter:' ), 'Letter' => __( 'Letter' ), 'Action' => __( 'Action' ), 'Warning: the link has been inserted but may have errors. Please test it.' => __( 'Warning: the link has been inserted but may have errors. Please test it.' ), 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' => __( 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' ), 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' => __( 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' ), 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' => __( 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' ), 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' => __( 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' ), ); } /* Imagetools plugin (not included): 'Edit image' => __( 'Edit image' ), 'Image options' => __( 'Image options' ), 'Back' => __( 'Back' ), 'Invert' => __( 'Invert' ), 'Flip horizontally' => __( 'Flip horizontal' ), 'Flip vertically' => __( 'Flip vertical' ), 'Crop' => __( 'Crop' ), 'Orientation' => __( 'Orientation' ), 'Resize' => __( 'Resize' ), 'Rotate clockwise' => __( 'Rotate right' ), 'Rotate counterclockwise' => __( 'Rotate left' ), 'Sharpen' => __( 'Sharpen' ), 'Brightness' => __( 'Brightness' ), 'Color levels' => __( 'Color levels' ), 'Contrast' => __( 'Contrast' ), 'Gamma' => __( 'Gamma' ), 'Zoom in' => __( 'Zoom in' ), 'Zoom out' => __( 'Zoom out' ), */ return self::$translation; } /** * Translates the default TinyMCE strings and returns them as JSON encoded object ready to be loaded with tinymce.addI18n(), * or as JS snippet that should run after tinymce.js is loaded. * * @since 3.9.0 * * @param string $mce_locale The locale used for the editor. * @param bool $json_only Optional. Whether to include the JavaScript calls to tinymce.addI18n() and * tinymce.ScriptLoader.markDone(). Default false. * @return string Translation object, JSON encoded. */ public static function wp_mce_translation( $mce_locale = '', $json_only = false ) { if ( ! $mce_locale ) { $mce_locale = self::get_mce_locale(); } $mce_translation = self::get_translation(); foreach ( $mce_translation as $name => $value ) { if ( is_array( $value ) ) { $mce_translation[ $name ] = $value[0]; } } /** * Filters translated strings prepared for TinyMCE. * * @since 3.9.0 * * @param array $mce_translation Key/value pairs of strings. * @param string $mce_locale Locale. */ $mce_translation = apply_filters( 'wp_mce_translation', $mce_translation, $mce_locale ); foreach ( $mce_translation as $key => $value ) { // Remove strings that are not translated. if ( $key === $value ) { unset( $mce_translation[ $key ] ); continue; } if ( str_contains( $value, '&' ) ) { $mce_translation[ $key ] = html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } } // Set direction. if ( is_rtl() ) { $mce_translation['_dir'] = 'rtl'; } if ( $json_only ) { return wp_json_encode( $mce_translation ); } $baseurl = self::get_baseurl(); return "tinymce.addI18n( '$mce_locale', " . wp_json_encode( $mce_translation ) . ");\n" . "tinymce.ScriptLoader.markDone( '$baseurl/langs/$mce_locale.js' );\n"; } /** * Force uncompressed TinyMCE when a custom theme has been defined. * * The compressed TinyMCE file cannot deal with custom themes, so this makes * sure that WordPress uses the uncompressed TinyMCE file if a theme is defined. * Even if the website is running on a production environment. * * @since 5.0.0 */ public static function force_uncompressed_tinymce() { $has_custom_theme = false; foreach ( self::$mce_settings as $init ) { if ( ! empty( $init['theme_url'] ) ) { $has_custom_theme = true; break; } } if ( ! $has_custom_theme ) { return; } $wp_scripts = wp_scripts(); $wp_scripts->remove( 'wp-tinymce' ); wp_register_tinymce_scripts( $wp_scripts, true ); } /** * Print (output) the main TinyMCE scripts. * * @since 4.8.0 * * @global bool $concatenate_scripts */ public static function print_tinymce_scripts() { global $concatenate_scripts; if ( self::$tinymce_scripts_printed ) { return; } self::$tinymce_scripts_printed = true; if ( ! isset( $concatenate_scripts ) ) { script_concat_settings(); } wp_print_scripts( array( 'wp-tinymce' ) ); echo "<script type='text/javascript'>\n" . self::wp_mce_translation() . "</script>\n"; } /** * Print (output) the TinyMCE configuration and initialization scripts. * * @since 3.3.0 * * @global string $tinymce_version */ public static function editor_js() { global $tinymce_version; $tmce_on = ! empty( self::$mce_settings ); $mce_init = ''; $qt_init = ''; if ( $tmce_on ) { foreach ( self::$mce_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $mce_init .= "'$editor_id':{$options},"; } $mce_init = '{' . trim( $mce_init, ',' ) . '}'; } else { $mce_init = '{}'; } if ( ! empty( self::$qt_settings ) ) { foreach ( self::$qt_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $qt_init .= "'$editor_id':{$options},"; } $qt_init = '{' . trim( $qt_init, ',' ) . '}'; } else { $qt_init = '{}'; } $ref = array( 'plugins' => implode( ',', self::$plugins ), 'theme' => 'modern', 'language' => self::$mce_locale, ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); $version = 'ver=' . $tinymce_version; /** * Fires immediately before the TinyMCE settings are printed. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'before_wp_tiny_mce', self::$mce_settings ); ?> <script type="text/javascript"> tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", <?php if ( self::$drag_drop_upload ) { echo 'dragDropUpload: true,'; } ?> mceInit: <?php echo $mce_init; ?>, qtInit: <?php echo $qt_init; ?>, ref: <?php echo self::_parse_init( $ref ); ?>, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; </script> <?php if ( $tmce_on ) { self::print_tinymce_scripts(); if ( self::$ext_plugins ) { // Load the old-format English strings to prevent unsightly labels in old style popups. echo "<script type='text/javascript' src='{$baseurl}/langs/wp-langs-en.js?$version'></script>\n"; } } /** * Fires after tinymce.js is loaded, but before any TinyMCE editor * instances are created. * * @since 3.9.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'wp_tiny_mce_init', self::$mce_settings ); ?> <script type="text/javascript"> <?php if ( self::$ext_plugins ) { echo self::$ext_plugins . "\n"; } if ( ! is_admin() ) { echo 'var ajaxurl = "' . admin_url( 'admin-ajax.php', 'relative' ) . '";'; } ?> ( function() { var initialized = []; var initialize = function() { var init, id, inPostbox, $wrap; var readyState = document.readyState; if ( readyState !== 'complete' && readyState !== 'interactive' ) { return; } for ( id in tinyMCEPreInit.mceInit ) { if ( initialized.indexOf( id ) > -1 ) { continue; } init = tinyMCEPreInit.mceInit[id]; $wrap = tinymce.$( '#wp-' + id + '-wrap' ); inPostbox = $wrap.parents( '.postbox' ).length > 0; if ( ! init.wp_skip_init && ( $wrap.hasClass( 'tmce-active' ) || ! tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) && ( readyState === 'complete' || ( ! inPostbox && readyState === 'interactive' ) ) ) { tinymce.init( init ); initialized.push( id ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } } if ( typeof tinymce !== 'undefined' ) { if ( tinymce.Env.ie && tinymce.Env.ie < 11 ) { tinymce.$( '.wp-editor-wrap ' ).removeClass( 'tmce-active' ).addClass( 'html-active' ); } else { if ( document.readyState === 'complete' ) { initialize(); } else { document.addEventListener( 'readystatechange', initialize ); } } } if ( typeof quicktags !== 'undefined' ) { for ( id in tinyMCEPreInit.qtInit ) { quicktags( tinyMCEPreInit.qtInit[id] ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } }()); </script> <?php if ( in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { self::wp_link_dialog(); } /** * Fires after any core TinyMCE editor instances are created. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'after_wp_tiny_mce', self::$mce_settings ); } /** * Outputs the HTML for distraction-free writing mode. * * @since 3.2.0 * @deprecated 4.3.0 */ public static function wp_fullscreen_html() { _deprecated_function( __FUNCTION__, '4.3.0' ); } /** * Performs post queries for internal linking. * * @since 3.1.0 * * @param array $args { * Optional. Array of link query arguments. * * @type int $pagenum Page number. Default 1. * @type string $s Search keywords. * } * @return array|false $results { * An array of associative arrays of query results, false if there are none. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } */ public static function wp_link_query( $args = array() ) { $pts = get_post_types( array( 'public' => true ), 'objects' ); $pt_names = array_keys( $pts ); $query = array( 'post_type' => $pt_names, 'suppress_filters' => true, 'update_post_term_cache' => false, 'update_post_meta_cache' => false, 'post_status' => 'publish', 'posts_per_page' => 20, ); $args['pagenum'] = isset( $args['pagenum'] ) ? absint( $args['pagenum'] ) : 1; if ( isset( $args['s'] ) ) { $query['s'] = $args['s']; } $query['offset'] = $args['pagenum'] > 1 ? $query['posts_per_page'] * ( $args['pagenum'] - 1 ) : 0; /** * Filters the link query arguments. * * Allows modification of the link query arguments before querying. * * @see WP_Query for a full list of arguments * * @since 3.7.0 * * @param array $query An array of WP_Query arguments. */ $query = apply_filters( 'wp_link_query_args', $query ); // Do main query. $get_posts = new WP_Query(); $posts = $get_posts->query( $query ); // Build results. $results = array(); foreach ( $posts as $post ) { if ( 'post' === $post->post_type ) { $info = mysql2date( __( 'Y/m/d' ), $post->post_date ); } else { $info = $pts[ $post->post_type ]->labels->singular_name; } $results[] = array( 'ID' => $post->ID, 'title' => trim( esc_html( strip_tags( get_the_title( $post ) ) ) ), 'permalink' => get_permalink( $post->ID ), 'info' => $info, ); } /** * Filters the link query results. * * Allows modification of the returned link query results. * * @since 3.7.0 * * @see 'wp_link_query_args' filter * * @param array $results { * An array of associative arrays of query results. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } * @param array $query An array of WP_Query arguments. */ $results = apply_filters( 'wp_link_query', $results, $query ); return ! empty( $results ) ? $results : false; } /** * Dialog for internal linking. * * @since 3.1.0 */ public static function wp_link_dialog() { // Run once. if ( self::$link_dialog_printed ) { return; } self::$link_dialog_printed = true; // `display: none` is required here, see #WP27605. ?> <div id="wp-link-backdrop" style="display: none"></div> <div id="wp-link-wrap" class="wp-core-ui" style="display: none" role="dialog" aria-modal="true" aria-labelledby="link-modal-title"> <form id="wp-link" tabindex="-1"> <?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?> <h1 id="link-modal-title"><?php _e( 'Insert/edit link' ); ?></h1> <button type="button" id="wp-link-close"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Close' ); ?> </span></button> <div id="link-selector"> <div id="link-options"> <p class="howto" id="wplink-enter-url"><?php _e( 'Enter the destination URL' ); ?></p> <div> <label><span><?php _e( 'URL' ); ?></span> <input id="wp-link-url" type="text" aria-describedby="wplink-enter-url" /></label> </div> <div class="wp-link-text-field"> <label><span><?php _e( 'Link Text' ); ?></span> <input id="wp-link-text" type="text" /></label> </div> <div class="link-target"> <label><span></span> <input type="checkbox" id="wp-link-target" /> <?php _e( 'Open link in a new tab' ); ?></label> </div> </div> <p class="howto" id="wplink-link-existing-content"><?php _e( 'Or link to existing content' ); ?></p> <div id="search-panel"> <div class="link-search-wrapper"> <label> <span class="search-label"><?php _e( 'Search' ); ?></span> <input type="search" id="wp-link-search" class="link-search-field" autocomplete="off" aria-describedby="wplink-link-existing-content" /> <span class="spinner"></span> </label> </div> <div id="search-results" class="query-results" tabindex="0"> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> <div id="most-recent-results" class="query-results" tabindex="0"> <div class="query-notice" id="query-notice-message"> <em class="query-notice-default"><?php _e( 'No search term specified. Showing recent items.' ); ?></em> <em class="query-notice-hint screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Search or use up and down arrow keys to select an item.' ); ?> </em> </div> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> </div> </div> <div class="submitbox"> <div id="wp-link-cancel"> <button type="button" class="button"><?php _e( 'Cancel' ); ?></button> </div> <div id="wp-link-update"> <input type="submit" value="<?php esc_attr_e( 'Add Link' ); ?>" class="button button-primary" id="wp-link-submit" name="wp-link-submit"> </div> </div> </form> </div> <?php } } HTTP/https-migration-20260605102726-20260607192122.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605160218-20260607111821.php 0000666 00000013341 15226703613 0014133 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605100953.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605125547.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606082906-20260607191705.php 0000666 00000011205 15226703613 0014164 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606024459-20260610080057.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605101142-20260610141635.php 0000666 00000011205 15226703613 0014132 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Response-20260605032920.php 0000666 00000015435 15226703613 0011235 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-FileCopyrightText: 2014 PHP Framework Interoperability Group // SPDX-License-Identifier: MIT declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response interface * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ interface Response { /** * Return the string representation of the permanent URI of the requested resource * (the first location after a prefix of (only) permanent redirects). * * Depending on which components of the URI are present, the resulting * string is either a full URI or relative reference according to RFC 3986, * Section 4.1. The method concatenates the various components of the URI, * using the appropriate delimiters: * * - If a scheme is present, it MUST be suffixed by ":". * - If an authority is present, it MUST be prefixed by "//". * - The path can be concatenated without delimiters. But there are two * cases where the path has to be adjusted to make the URI reference * valid as PHP does not allow to throw an exception in __toString(): * - If the path is rootless and an authority is present, the path MUST * be prefixed by "/". * - If the path is starting with more than one "/" and no authority is * present, the starting slashes MUST be reduced to one. * - If a query is present, it MUST be prefixed by "?". * - If a fragment is present, it MUST be prefixed by "#". * * @see http://tools.ietf.org/html/rfc3986#section-4.1 */ public function get_permanent_uri(): string; /** * Return the string representation of the final requested URL after following all redirects. * * Depending on which components of the URI are present, the resulting * string is either a full URI or relative reference according to RFC 3986, * Section 4.1. The method concatenates the various components of the URI, * using the appropriate delimiters: * * - If a scheme is present, it MUST be suffixed by ":". * - If an authority is present, it MUST be prefixed by "//". * - The path can be concatenated without delimiters. But there are two * cases where the path has to be adjusted to make the URI reference * valid as PHP does not allow to throw an exception in __toString(): * - If the path is rootless and an authority is present, the path MUST * be prefixed by "/". * - If the path is starting with more than one "/" and no authority is * present, the starting slashes MUST be reduced to one. * - If a query is present, it MUST be prefixed by "?". * - If a fragment is present, it MUST be prefixed by "#". * * @see http://tools.ietf.org/html/rfc3986#section-4.1 */ public function get_final_requested_uri(): string; /** * Gets the response status code. * * The status code is a 3-digit integer result code of the server's attempt * to understand and satisfy the request. * * @return int Status code. */ public function get_status_code(): int; /** * Retrieves all message header values. * * The keys represent the header name as it will be sent over the wire, and * each value is an array of strings associated with the header. * * // Represent the headers as a string * foreach ($message->get_headers() as $name => $values) { * echo $name . ': ' . implode(', ', $values); * } * * // Emit headers iteratively: * foreach ($message->get_headers() as $name => $values) { * foreach ($values as $value) { * header(sprintf('%s: %s', $name, $value), false); * } * } * * @return array<non-empty-array<string>> Returns an associative array of the message's headers. * Each key MUST be a header name, and each value MUST be an array of * strings for that header. */ public function get_headers(): array; /** * Checks if a header exists by the given case-insensitive name. * * @param string $name Case-insensitive header field name. * @return bool Returns true if any header names match the given header * name using a case-insensitive string comparison. Returns false if * no matching header name is found in the message. */ public function has_header(string $name): bool; /** * Retrieves a message header value by the given case-insensitive name. * * This method returns an array of all the header values of the given * case-insensitive header name. * * If the header does not appear in the message, this method MUST return an * empty array. * * @param string $name Case-insensitive header field name. * @return string[] An array of string values as provided for the given * header. If the header does not appear in the message, this method MUST * return an empty array. */ public function get_header(string $name): array; /** * Return an instance with the provided value replacing the specified header. * * This method MUST be implemented in such a way as to retain the * immutability of the message, and MUST return an instance that has the * new and/or updated header and value. * * @param string $name Case-insensitive header field name. * @param string|non-empty-array<string> $value Header value(s). * @return static * @throws \InvalidArgumentException for invalid header names or values. */ public function with_header(string $name, $value); /** * Retrieves a comma-separated string of the values for a single header. * * This method returns all of the header values of the given * case-insensitive header name as a string concatenated together using * a comma. * * NOTE: Not all header values may be appropriately represented using * comma concatenation. For such headers, use getHeader() instead * and supply your own delimiter when concatenating. * * If the header does not appear in the message, this method MUST return * an empty string. * * @param string $name Case-insensitive header field name. * @return string A string of values as provided for the given header * concatenated together using a comma. If the header does not appear in * the message, this method MUST return an empty string. */ public function get_header_line(string $name): string; /** * get the body as string * * @return string */ public function get_body_content(): string; } HTTP/class-wp-block-processor-20260605081857.php 0000666 00000210507 15226703613 0014307 0 ustar 00 <?php /** * Efficiently scan through block structure in document without parsing * the entire block tree and all of its JSON attributes into memory. * * @package WordPress * @subpackage Blocks * @since 6.9.0 */ /** * Class for efficiently scanning through block structure in a document * without parsing the entire block tree and JSON attributes into memory. * * ## Overview * * This class is designed to help analyze and modify block structure in a * streaming fashion and to bridge the gap between parsed block trees and * the text representing them. * * Use-cases for this class include but are not limited to: * * - Counting block types in a document. * - Queuing stylesheets based on the presence of various block types. * - Modifying blocks of a given type, i.e. migrations, updates, and styling. * - Searching for content of specific kinds, e.g. checking for blocks * with certain theme support attributes, or block bindings. * - Adding CSS class names to the element wrapping a block’s inner blocks. * * > *Note!* If a fully-parsed block tree of a document is necessary, including * > all the parsed JSON attributes, nested blocks, and HTML, consider * > using {@see \parse_blocks()} instead which will parse the document * > in one swift pass. * * For typical usage, jump first to the methods {@see self::next_block()}, * {@see self::next_delimiter()}, or {@see self::next_token()}. * * ### Values * * As a lower-level interface than {@see parse_blocks()} this class follows * different performance-focused values: * * - Minimize allocations so that documents of any size may be processed * on a fixed or marginal amount of memory. * - Make hidden costs explicit so that calling code only has to pay the * performance penalty for features it needs. * - Operate with a streaming and re-entrant design to make it possible * to operate on chunks of a document and to resume after pausing. * * This means that some operations might appear more cumbersome than one * might expect. This design tradeoff opens up opportunity to wrap this in * a convenience class to add higher-level functionality. * * ## Concepts * * All text documents can be considered a block document containing a combination * of “freeform HTML” and explicit block structure. Block structure forms through * special HTML comments called _delimiters_ which include a block type and, * optionally, block attributes encoded as a JSON object payload. * * This processor is designed to scan through a block document from delimiter to * delimiter, tracking how the delimiters impact the structure of the document. * Spans of HTML appear between delimiters. If these spans exist at the top level * of the document, meaning there is no containing block around them, they are * considered freeform HTML content. If, however, they appear _inside_ block * structure they are interpreted as `innerHTML` for the containing block. * * ### Tokens and scanning * * As the processor scans through a document is reports information about the token * on which is pauses. Tokens represent spans of text in the input comprising block * delimiters and spans of HTML. * * - {@see self::next_token()} visits every contiguous subspan of text in the * input document. This includes all explicit block comment delimiters and spans * of HTML content (whether freeform or inner HTML). * - {@see self::next_delimiter()} visits every explicit block comment delimiter * unless passed a block type which covers freeform HTML content. In these cases * it will stop at top-level spans of HTML and report a `null` block type. * - {@see self::next_block()} visits every block delimiter which _opens_ a block. * This includes opening block delimiters as well as void block delimiters. With * the same exception as above for freeform HTML block types, this will visit * top-level spans of HTML content. * * When matched on a particular token, the following methods provide structural * and textual information about it: * * - {@see self::get_delimiter_type()} reports whether the delimiter is an opener, * a closer, or if it represents a whole void block. * - {@see self::get_block_type()} reports the fully-qualified block type which * the delimiter represents. * - {@see self::get_printable_block_type()} reports the fully-qualified block type, * but returns `core/freeform` instead of `null` for top-level freeform HTML content. * - {@see self::is_block_type()} indicates if the delimiter represents a block of * the given block type, or wildcard or pseudo-block type described below. * - {@see self::opens_block()} indicates if the delimiter opens a block of one * of the provided block types. Opening, void, and top-level freeform HTML content * all open blocks. * - {@see static::get_attributes()} is currently reserved for a future streaming * JSON parser class. * - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes * for delimiters which open blocks and return the fully-parsed attributes as an * associative array. {@see static::get_last_json_error()} for when this fails. * - {@see self::is_html()} indicates if the token is a span of HTML which might * be top-level freeform content or a block’s inner HTML. * - {@see self::get_html_content()} returns the span of HTML. * - {@see self::get_span()} for the byte offset and length into the input document * representing the token. * * It’s possible for the processor to fail to scan forward if the input document ends * in a proper prefix of an explicit block comment delimiter. For example, if the input * ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser * cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()} * to distinguish between a failure to find the next token and an incomplete input. * * ### Block types * * A block’s “type” comprises an optional _namespace_ and _name_. If the namespace * isn’t provided it will be interpreted as the implicit `core` namespace. For example, * the type `gallery` is the name of the block in the `core` namespace, but the type * `abc/gallery` is the _fully-qualified_ block type for the block whose name is still * `gallery`, but in the `abc` namespace. * * Methods on this class are aware of this block naming semantic and anywhere a block * type is an argument to a method it will be normalized to account for implicit namespaces. * Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere * this class returns a block type, it will return the fully-qualified and normalized form. * For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the * block type. * * There are two special block types that change the behavior of the processor: * * - The wildcard `*` represents _any block_. In addition to matching all block types, * it also represents top-level freeform HTML whose block type is reported as `null`. * * - The `core/freeform` block type is a pseudo-block type which explicitly matches * top-level freeform HTML. * * These special block types can be passed into any method which searches for blocks. * * There is one additional special block type which may be returned from * {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which * indicates that the HTML span on which the processor is paused is inner HTML for * a containing block. * * ### Spans of HTML * * Non-block content plays a complicated role in processing block documents. This * processor exposes tools to help work with these spans of HTML. * * - {@see self::is_html()} indicates if the processor is paused at a span of * HTML but does not differentiate between top-level freeform content and inner HTML. * - {@see self::is_non_whitespace_html()} indicates not only if the processor * is paused at a span of HTML, but also whether that span incorporates more than * whitespace characters. Because block serialization often inserts newlines between * block comment delimiters, this is useful for distinguishing “real” freeform * content from purely aesthetic syntax. * - {@see self::is_block_type()} matches top-level freeform HTML content when * provided one of the special block types described above. * * ### Block structure * * As the processor traverses block delimiters it maintains a stack of which blocks are * open at the given place in the document where it’s paused. This stack represents the * block structure of a document and is used to determine where blocks end, which blocks * represent inner blocks, whether a span of HTML is top-level freeform content, and * more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an * array of block types starting at the outermost-open block and descending to the * currently-visited block. * * Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special * reported block type `#html`. Such a span represents inner HTML for a block if the * depth reported by {@see self::get_depth()} is greater than one. * * It will generally not be necessary to inspect the stack of open blocks, though * depth may be important for finding where blocks end. When visiting a block opener, * the depth will have been increased before pausing; in contrast the depth is * decremented before visiting a closer. This makes the following an easy way to * determine if a block is still open. * * Example: * * $depth = $processor->get_depth(); * while ( $processor->next_token() && $processor->get_depth() > $depth ) { * continue * } * // Processor is now paused at the token immediately following the closed block. * * #### Extracting blocks * * A unique feature of this processor is the ability to return the same output as * {@see \parse_blocks()} would produce, but for a subset of the input document. * For example, it’s possible to extract an image block, manipulate that parsed * block, and re-serialize it into the original document. It’s possible to do so * while skipping over the parse of the rest of the document. * * {@see self::extract_full_block_and_advance()} will scan forward from the current block opener * and build the parsed block structure until the current block is closed. It will * include all inner HTML and inner blocks, and parse all of the inner blocks. It * can be used to extract a block at any depth in the document, helpful for operating * on blocks within nested structure. * * Example: * * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery_block = $processor->extract_full_block_and_advance(); * $after_gallery = $processor->get_span()->start; * return ( * substr( $post_content, 0, $gallery_at ) . * serialize_block( modify_gallery( $gallery_block ) . * substr( $post_content, $after_gallery ) * ); * * #### Handling of malformed structure * * There are situations where closing block delimiters appear for which no open block * exists, or where a document ends before a block is closed, or where a closing block * delimiter appears but references a different block type than the most-recently * opened block does. In all of these cases, the stack of open blocks should mirror * the behavior in {@see \parse_blocks()}. * * Unlike {@see \parse_blocks()}, however, this processor can still operate on the * invalid block delimiters. It provides a few functions which can be used for building * custom and non-spec-compliant error handling. * * - {@see self::has_closing_flag()} indicates if the block delimiter contains the * closing flag at the end. Some invalid block delimiters might contain both the * void and closing flag, in which case {@see self::get_delimiter_type()} will * report that it’s a void block. * - {@see static::get_last_error()} indicates if the processor reached an invalid * block closing. Depending on the context, {@see \parse_blocks()} might instead * ignore the token or treat it as freeform HTML content. * * ## Static helpers * * This class provides helpers for performing semantic block-related operations. * * - {@see self::normalize_block_type()} takes a block type with or without the * implicit `core` namespace and returns a fully-qualified block type. * - {@see self::are_equal_block_types()} indicates if two spans across one or * more input texts represent the same fully-qualified block type. * * ## Subclassing * * This processor is designed to accurately parse a block document. Therefore, many * of its methods are not meant for subclassing. However, overall this class supports * building higher-level convenience classes which may choose to subclass it. For those * classes, avoid re-implementing methods except for the list below. Instead, create * new names representing the higher-level concepts being introduced. For example, instead * of creating a new method named `next_block()` which only advances to blocks of a given * kind, consider creating a new method named something like `next_layout_block()` which * won’t interfere with the base class method. * * - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass * which aren’t intrinsic to block parsing. * - {@see static::get_attributes()} may be reimplemented to provide a streaming interface * to reading and modifying a block’s JSON attributes. It should be fast and memory efficient. * - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced * with a reimplementation of {@see static::get_attributes()}. * * @since 6.9.0 */ class WP_Block_Processor { /** * Indicates if the last operation failed, otherwise * will be `null` for success. * * @since 6.9.0 * * @var string|null */ private $last_error = null; /** * Indicates failures from decoding JSON attributes. * * @since 6.9.0 * * @see \json_last_error() * * @var int */ private $last_json_error = JSON_ERROR_NONE; /** * Source text provided to processor. * * @since 6.9.0 * * @var string */ protected $source_text; /** * Byte offset into source text where a matched delimiter starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰─ Starts at byte offset 17. * * @since 6.9.0 * * @var int */ private $matched_delimiter_at = 0; /** * Byte length of full span of a matched delimiter. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $matched_delimiter_length = 0; /** * First byte offset into source text following any previously-matched delimiter. * Used to indicate where an HTML span starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 55 * <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨ * │ ╰─ This delimiter was matched, and after matching, * │ revealed the preceding HTML span. * │ * ╰─ The first byte offset after the previous matched delimiter * is 21. Because the matched delimiter starts at 55, which is after * this, a span of HTML must exist between these boundaries. * * @since 6.9.0 * * @var int */ private $after_previous_delimiter = 0; /** * Byte offset where namespace span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block name. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $namespace_at = 0; /** * Byte offset where block name span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block namespace. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $name_at = 0; /** * Byte length of block name span. * * Example: * * 5 10 15 20 25 * <!-- wp:core/gallery --> * ╰─────╯ * 7 bytes long. * * @since 6.9.0 * * @var int */ private $name_length = 0; /** * Whether the delimiter contains the block-closing flag. * * This may be erroneous if present within a void block, * therefore the {@see self::has_closing_flag()} can be used by * calling code to perform custom error-handling. * * @since 6.9.0 * * @var bool */ private $has_closing_flag = false; /** * Byte offset where JSON attributes span begins. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰─ Starts at byte offset 18. * * @since 6.9.0 * * @var int */ private $json_at; /** * Byte length of JSON attributes span, or 0 if none are present. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $json_length = 0; /** * Internal parser state, differentiating whether the instance is currently matched, * on an implicit freeform node, in error, or ready to begin parsing. * * @see self::READY * @see self::MATCHED * @see self::HTML_SPAN * @see self::INCOMPLETE_INPUT * @see self::COMPLETE * * @since 6.9.0 * * @var string */ protected $state = self::READY; /** * Indicates what kind of block comment delimiter was matched. * * One of: * * - {@see self::OPENER} If the delimiter is opening a block. * - {@see self::CLOSER} If the delimiter is closing an open block. * - {@see self::VOID} If the delimiter represents a void block with no inner content. * * If a parsed comment delimiter contains both the closing and the void * flags then it will be interpreted as a void block to match the behavior * of the official block parser, however, this is a syntax error and probably * the block ought to close an open block of the same name, if one is open. * * @since 6.9.0 * * @var string */ private $type; /** * Whether the last-matched delimiter acts like a void block and should be * popped from the stack of open blocks as soon as the parser advances. * * This applies to void block delimiters and to HTML spans. * * @since 6.9.0 * * @var bool */ private $was_void = false; /** * For every open block, in hierarchical order, this stores the byte offset * into the source text where the block type starts, including for HTML spans. * * To avoid allocating and normalizing block names when they aren’t requested, * the stack of open blocks is stored as the byte offsets and byte lengths of * each open block’s block type. This allows for minimal tracking and quick * reading or comparison of block types when requested. * * @since 6.9.0 * * @see self::$open_blocks_length * * @var int[] */ private $open_blocks_at = array(); /** * For every open block, in hierarchical order, this stores the byte length * of the block’s block type in the source text. For HTML spans this is 0. * * @since 6.9.0 * * @see self::$open_blocks_at * * @var int[] */ private $open_blocks_length = array(); /** * Indicates which operation should apply to the stack of open blocks after * processing any pending spans of HTML. * * Since HTML spans are discovered after matching block delimiters, those * delimiters need to defer modifying the stack of open blocks. This value, * if set, indicates what operation should be applied. The properties * associated with token boundaries still point to the delimiters even * when processing HTML spans, so there’s no need to track them independently. * * @var 'push'|'void'|'pop'|null */ private $next_stack_op = null; /** * Creates a new block processor. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( $processor->next_block( 'core/image' ) ) { * echo "Found an image!\n"; * } * * @see self::next_block() to advance to the start of the next block (skips closers). * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @since 6.9.0 * * @param string $source_text Input document potentially containing block content. */ public function __construct( string $source_text ) { $this->source_text = $source_text; } /** * Advance to the next block delimiter which opens a block, indicating if one was found. * * Delimiters which open blocks include opening and void block delimiters. To visit * freeform HTML content, pass the wildcard “*” as the block type. * * Use this function to walk through the blocks in a document, pausing where they open. * * Example blocks: * * // The first delimiter opens the paragraph block. * <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph--> * * // The void block is the first opener in this sequence of closers. * <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group --> * * // If, however, `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p> * * Example: * * // Find all textual ranges of image block opening delimiters. * $images = array(); * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( 'core/image' ) ) { * $images[] = $processor->get_span(); * } * * In some cases it may be useful to conditionally visit the implicit freeform * blocks, such as when determining if a post contains freeform content that * isn’t purely whitespace. * * Example: * * $seen_block_types = []; * $block_type = '*'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( $block_type ) { * // Stop wasting time visiting freeform blocks after one has been found. * if ( * '*' === $block_type && * null === $processor->get_block_type() && * $processor->is_non_whitespace_html() * ) { * $block_type = null; * $seen_block_types['core/freeform'] = true; * continue; * } * * $seen_block_types[ $processor->get_block_type() ] = true; * } * * @since 6.9.0 * * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @param string|null $block_type Optional. If provided, advance until a block of this type is found. * Default is to stop at any block regardless of its type. * @return bool Whether an opening delimiter for a block was found. */ public function next_block( ?string $block_type = null ): bool { while ( $this->next_delimiter( $block_type ) ) { if ( self::CLOSER !== $this->get_delimiter_type() ) { return true; } } return false; } /** * Advance to the next block delimiter in a document, indicating if one was found. * * Delimiters may include invalid JSON. This parser does not attempt to parse the * JSON attributes until requested; when invalid, the attributes will be null. This * matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content, * pass the wildcard “*” as the block type. * * Use this function to walk through the block delimiters in a document. * * Example delimiters: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * * // If the wildcard `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p> * * Example: * * $html = '<!-- wp:void /-->\n<!-- wp:void /-->'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() { * // Runs twice, seeing both void blocks of type “core/void.” * } * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter( '*' ) ) { * // Runs thrice, seeing the void block, the newline span, and the void block. * } * * @since 6.9.0 * * @param string|null $block_name Optional. Keep searching until a block of this name is found. * Defaults to visit every block regardless of type. * @return bool Whether a block delimiter was matched. */ public function next_delimiter( ?string $block_name = null ): bool { if ( ! isset( $block_name ) ) { while ( $this->next_token() ) { if ( ! $this->is_html() ) { return true; } } return false; } while ( $this->next_token() ) { if ( $this->is_block_type( $block_name ) ) { return true; } } return false; } /** * Advance to the next block delimiter or HTML span in a document, indicating if one was found. * * This function steps through every syntactic chunk in a document. This includes explicit * block comment delimiters, freeform non-block content, and inner HTML segments. * * Example tokens: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * <p>Normal HTML content</p> * Plaintext content too! * * Example: * * // Find span containing wrapping HTML element surrounding inner blocks. * $processor = new WP_Block_Processor( $html ); * if ( ! $processor->next_block( 'gallery' ) ) { * return null; * } * * $containing_span = null; * while ( $processor->next_token() && $processor->is_html() ) { * $containing_span = $processor->get_span(); * } * * This method will visit all HTML spans including those forming freeform non-block * content as well as those which are part of a block’s inner HTML. * * @since 6.9.0 * * @return bool Whether a token was matched or the end of the document was reached without finding any. */ public function next_token(): bool { if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return false; } // Void tokens automatically pop off the stack of open blocks. if ( $this->was_void ) { array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); $this->was_void = false; } $text = $this->source_text; $end = strlen( $text ); /* * Because HTML spans are inferred after finding the next delimiter, it means that * the parser must transition out of that HTML state and reuse the token boundaries * it found after the HTML span. If those boundaries are before the end of the * document it implies that a real delimiter was found; otherwise this must be the * terminating HTML span and the parsing is complete. */ if ( self::HTML_SPAN === $this->state ) { if ( $this->matched_delimiter_at >= $end ) { $this->state = self::COMPLETE; return false; } switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'push': $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; $this->state = self::MATCHED; return true; } $this->state = self::READY; $after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length; $at = $after_prev_delimiter; while ( $at < $end ) { /* * Find the next possible start of a delimiter. * * This follows the behavior in the official block parser, which segments a post * by the block comment delimiters. It is possible for an HTML attribute to contain * what looks like a block comment delimiter but which is actually an HTML attribute * value. In such a case, the parser here will break apart the HTML and create the * block boundary inside the HTML attribute. In other words, the block parser * isolates sections of HTML from each other, even if that leads to malformed markup. * * For a more robust parse, scan through the document with the HTML API and parse * comments once they are matched to see if they are also block delimiters. In * practice, this nuance has not caused any known problems since developing blocks. * * <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /--> */ $comment_opening_at = strpos( $text, '<!--', $at ); /* * Even if the start of a potential block delimiter is not found, the document * might end in a prefix of such, and in that case there is incomplete input. */ if ( false === $comment_opening_at ) { if ( str_ends_with( $text, '<!-' ) ) { $backup = 3; } elseif ( str_ends_with( $text, '<!' ) ) { $backup = 2; } elseif ( str_ends_with( $text, '<' ) ) { $backup = 1; } else { $backup = 0; } // Whether or not there is a potential delimiter, there might be an HTML span. if ( $after_prev_delimiter < ( $end - $backup ) ) { $this->state = self::HTML_SPAN; $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $end - $backup; $this->matched_delimiter_length = $backup; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } /* * In the case that there is the start of an HTML comment, it means that there * might be a block delimiter, but it’s not possible know, therefore it’s incomplete. */ if ( $backup > 0 ) { goto incomplete; } // Otherwise this is the end. $this->state = self::COMPLETE; return false; } // <!-- ⃨/wp:core/paragraph {"dropCap":true} /--> $opening_whitespace_at = $comment_opening_at + 4; if ( $opening_whitespace_at >= $end ) { goto incomplete; } $opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at ); /* * The `wp` prefix cannot come before this point, but it may come after it * depending on the presence of the closer. This is detected next. */ $wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length; if ( $wp_prefix_at >= $end ) { goto incomplete; } if ( 0 === $opening_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /⃨wp:core/paragraph {"dropCap":true} /--> $has_closer = false; if ( '/' === $text[ $wp_prefix_at ] ) { $has_closer = true; ++$wp_prefix_at; } // <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /--> if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) { if ( ( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) || ( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) ) ) { goto incomplete; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * If the block contains no namespace, this will end up masquerading with * the block name. It’s easier to first detect the span and then determine * if it’s a namespace of a name. * * <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /--> */ $namespace_at = $wp_prefix_at + 3; if ( $namespace_at >= $end ) { goto incomplete; } $start_of_namespace = $text[ $namespace_at ]; // The namespace must start with a-z. if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 ); $separator_at = $namespace_at + $namespace_length; if ( $separator_at >= $end ) { goto incomplete; } // <!-- /wp:core/⃨paragraph {"dropCap":true} /--> $has_separator = '/' === $text[ $separator_at ]; if ( $has_separator ) { $name_at = $separator_at + 1; if ( $name_at >= $end ) { goto incomplete; } // <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /--> $start_of_name = $text[ $name_at ]; if ( 'a' > $start_of_name || 'z' < $start_of_name ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 ); } else { $name_at = $namespace_at; $name_length = $namespace_length; } if ( $name_at + $name_length >= $end ) { goto incomplete; } /* * For this next section of the delimiter, it could be the JSON attributes * or it could be the end of the comment. Assume that the JSON is there and * update if it’s not. */ // <!-- /wp:core/paragraph ⃨{"dropCap":true} /--> $after_name_whitespace_at = $name_at + $name_length; $after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at ); $json_at = $after_name_whitespace_at + $after_name_whitespace_length; if ( $json_at >= $end ) { goto incomplete; } if ( 0 === $after_name_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /wp:core/paragraph {⃨"dropCap":true} /--> $has_json = '{' === $text[ $json_at ]; $json_length = 0; /* * For the final span of the delimiter it's most efficient to find the end of the * HTML comment and work backwards. This prevents complicated parsing inside the * JSON span, which is not allowed to contain the HTML comment terminator. * * This also matches the behavior in the official block parser, * even though it allows for matching invalid JSON content. * * <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨ */ $comment_closing_at = strpos( $text, '-->', $json_at ); if ( false === $comment_closing_at ) { goto incomplete; } // <!-- /wp:core/paragraph {"dropCap":true} /⃨--> if ( '/' === $text[ $comment_closing_at - 1 ] ) { $has_void_flag = true; $void_flag_length = 1; } else { $has_void_flag = false; $void_flag_length = 0; } /* * If there's no JSON, then the span of text after the name * until the comment closing must be completely whitespace. * Otherwise it’s a normal HTML comment. */ if ( ! $has_json ) { if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) { // This must be a block delimiter! $this->state = self::MATCHED; break; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * There's JSON, so attempt to find its boundary. * * @todo It’s likely faster to scan forward instead of in reverse. * * <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/--> */ $after_json_whitespace_length = 0; for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) { $char = $text[ $char_at ]; switch ( $char ) { case ' ': case "\t": case "\f": case "\r": case "\n": ++$after_json_whitespace_length; continue 2; case '}': $json_length = $char_at - $json_at + 1; break 2; default: ++$at; continue 3; } } /* * This covers cases where there is no terminating “}” or where * mandatory whitespace is missing. */ if ( 0 === $json_length || 0 === $after_json_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // This must be a block delimiter! $this->state = self::MATCHED; break; } // The end of the document was reached without a match. if ( self::MATCHED !== $this->state ) { $this->state = self::COMPLETE; return false; } /* * From this point forward, a delimiter has been matched. There * might also be an HTML span that appears before the delimiter. */ $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $comment_opening_at; $this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at; $this->namespace_at = $namespace_at; $this->name_at = $name_at; $this->name_length = $name_length; $this->json_at = $json_at; $this->json_length = $json_length; /* * When delimiters contain both the void flag and the closing flag * they shall be interpreted as void blocks, per the spec parser. */ if ( $has_void_flag ) { $this->type = self::VOID; $this->next_stack_op = 'void'; } elseif ( $has_closer ) { $this->type = self::CLOSER; $this->next_stack_op = 'pop'; /* * @todo Check if the name matches and bail according to the spec parser. * The default parser doesn’t examine the names. */ } else { $this->type = self::OPENER; $this->next_stack_op = 'push'; } $this->has_closing_flag = $has_closer; // HTML spans are visited before the delimiter that follows them. if ( $comment_opening_at > $after_prev_delimiter ) { $this->state = self::HTML_SPAN; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } // If there were no HTML spans then flush the enqueued stack operations immediately. switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'push': $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; return true; incomplete: $this->state = self::COMPLETE; $this->last_error = self::INCOMPLETE_INPUT; return false; } /** * Returns an array containing the names of the currently-open blocks, in order * from outermost to innermost, with HTML spans indicated as “#html”. * * Example: * * // Freeform HTML content is an HTML span. * $processor = new WP_Block_Processor( 'Just text' ); * $processor->next_token(); * array( '#text' ) === $processor->get_breadcrumbs(); * * $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' ); * $processor->next_token(); * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Void blocks are only open while visiting them. * array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Blocks are closed before visiting their closing delimiter. * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array() === $processor->get_breadcrumbs(); * * // Inner HTML is also an HTML span. * $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' ); * $processor->next_token(); * $processor->next_token(); * array( 'core/a', '#html' ) === $processor->get_breadcrumbs(); * * @since 6.9.0 * * @return string[] */ public function get_breadcrumbs(): array { $breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null ); /* * Since HTML spans can only be at the very end, set the normalized block name for * each open element and then work backwards after creating the array. This allows * for the elimination of a conditional on each iteration of the loop. */ foreach ( $this->open_blocks_at as $i => $at ) { $block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] ); $breadcrumbs[ $i ] = self::normalize_block_type( $block_type ); } if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) { $breadcrumbs[ $i ] = '#html'; } return $breadcrumbs; } /** * Returns the depth of the open blocks where the processor is currently matched. * * Depth increases before visiting openers and void blocks and decreases before * visiting closers. HTML spans behave like void blocks. * * @since 6.9.0 * * @return int */ public function get_depth(): int { return count( $this->open_blocks_at ); } /** * Extracts a block object, and all inner content, starting at a matched opening * block delimiter, or at a matched top-level HTML span as freeform HTML content. * * Use this function to extract some blocks within a document, but not all. For example, * one might want to find image galleries, parse them, modify them, and then reserialize * them in place. * * Once this function returns, the parser will be matched on token following the close * of the given block. * * The return type of this method is compatible with the return of {@see \parse_blocks()}. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery = $processor->extract_full_block_and_advance(); * $ends_before = $processor->get_span(); * $ends_before = $ends_before->start ?? strlen( $post_content ); * * $new_gallery = update_gallery( $gallery ); * $new_gallery = serialize_block( $new_gallery ); * * return ( * substr( $post_content, 0, $gallery_at ) . * $new_gallery . * substr( $post_content, $ends_before ) * ); * * @since 6.9.0 * * @return array[]|null { * Array of block structures. * * @type array ...$0 { * An associative array of a single parsed block object. See WP_Block_Parser_Block. * * @type string|null $blockName Name of block. * @type array $attrs Attributes from block comment delimiters. * @type array[] $innerBlocks List of inner blocks. An array of arrays that * have the same structure as this one. * @type string $innerHTML HTML from inside block comment delimiters. * @type array $innerContent List of string fragments and null markers where * inner blocks were found. * } * } */ public function extract_full_block_and_advance(): ?array { if ( $this->is_html() ) { $chunk = $this->get_html_content(); return array( 'blockName' => null, 'attrs' => array(), 'innerBlocks' => array(), 'innerHTML' => $chunk, 'innerContent' => array( $chunk ), ); } $block = array( 'blockName' => $this->get_block_type(), 'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(), 'innerBlocks' => array(), 'innerHTML' => '', 'innerContent' => array(), ); $depth = $this->get_depth(); while ( $this->next_token() && $this->get_depth() > $depth ) { if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; continue; } /** * Inner blocks. * * @todo This is a decent place to call {@link \render_block()} * @todo Use iteration instead of recursion, or at least refactor to tail-call form. */ if ( $this->opens_block() ) { $inner_block = $this->extract_full_block_and_advance(); $block['innerBlocks'][] = $inner_block; $block['innerContent'][] = null; } /* * Because the parser has advanced past the closing block token, it * may be matched on an HTML span. This needs to be processed before * moving on to the next token at the start of the next loop iteration. */ if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; } } return $block; } /** * Returns the byte-offset after the ending character of an HTML comment, * assuming the proper starting byte offset. * * @since 6.9.0 * * @param int $comment_starting_at Where the HTML comment started, the leading `<`. * @param int $search_end Last offset in which to search, for limiting search span. * @return int Offset after the current HTML comment ends, or `$search_end` if no end was found. */ private function find_html_comment_end( int $comment_starting_at, int $search_end ): int { $text = $this->source_text; // Find span-of-dashes comments which look like `<!----->`. $span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 ); if ( $comment_starting_at + 2 + $span_of_dashes < $search_end && '>' === $text[ $comment_starting_at + 2 + $span_of_dashes ] ) { return $comment_starting_at + $span_of_dashes + 1; } // Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`. $now_at = $comment_starting_at + 4; while ( $now_at < $search_end ) { $dashes_at = strpos( $text, '--', $now_at ); if ( false === $dashes_at ) { return $search_end; } $closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 ); if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) { ++$closer_must_be_at; } if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) { return $closer_must_be_at + 1; } ++$now_at; } return $search_end; } /** * Indicates if the last attempt to parse a block comment delimiter * failed, if set, otherwise `null` if the last attempt succeeded. * * @since 6.9.0 * * @return string|null Error from last attempt at parsing next block delimiter, * or `null` if last attempt succeeded. */ public function get_last_error(): ?string { return $this->last_error; } /** * Indicates if the last attempt to parse a block’s JSON attributes failed. * * @see \json_last_error() * * @since 6.9.0 * * @return int JSON_ERROR_ code from last attempt to parse block JSON attributes. */ public function get_last_json_error(): int { return $this->last_json_error; } /** * Returns the type of the block comment delimiter. * * One of: * * - {@see self::OPENER} * - {@see self::CLOSER} * - {@see self::VOID} * - `null` * * @since 6.9.0 * * @return string|null type of the block comment delimiter, if currently matched. */ public function get_delimiter_type(): ?string { switch ( $this->state ) { case self::HTML_SPAN: return self::VOID; case self::MATCHED: return $this->type; default: return null; } } /** * Returns whether the delimiter contains the closing flag. * * This should be avoided except in cases of custom error-handling * with block closers containing the void flag. For normative use, * {@see self::get_delimiter_type()}. * * @since 6.9.0 * * @return bool Whether the currently-matched block delimiter contains the closing flag. */ public function has_closing_flag(): bool { return $this->has_closing_flag; } /** * Indicates if the block delimiter represents a block of the given type. * * Since the “core” namespace may be implicit, it’s allowable to pass * either the fully-qualified block type with namespace and block name * as well as the shorthand version only containing the block name, if * the desired block is in the “core” namespace. * * Since freeform HTML content is non-block content, it has no block type. * Passing the wildcard “*” will, however, return true for all block types, * even the implicit freeform content, though not for spans of inner HTML. * * Example: * * $is_core_paragraph = $processor->is_block_type( 'paragraph' ); * $is_core_paragraph = $processor->is_block_type( 'core/paragraph' ); * $is_formula = $processor->is_block_type( 'math-block/formula' ); * * @param string $block_type Block type name for the desired block. * E.g. "paragraph", "core/paragraph", "math-blocks/formula". * @return bool Whether this delimiter represents a block of the given type. */ public function is_block_type( string $block_type ): bool { if ( '*' === $block_type ) { return true; } if ( $this->is_html() ) { // This is a core/freeform text block, it’s special. if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) { return ( 'core/freeform' === $block_type || 'freeform' === $block_type ); } // Otherwise this is innerHTML and not a block. return false; } return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) ); } /** * Given two spans of text, indicate if they represent identical block types. * * This function normalizes block types to account for implicit core namespacing. * * Note! This function only returns valid results when the complete block types are * represented in the span offsets and lengths. This means that the full optional * namespace and block name must be represented in the input arguments. * * Example: * * 0 5 10 15 20 25 30 35 40 * $text = '<!-- wp:block --><!-- /wp:core/block -->'; * * true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 ); * false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 ); * * @since 6.9.0 * * @param string $a_text Text in which first block type appears. * @param int $a_at Byte offset into text in which first block type starts. * @param int $a_length Byte length of first block type. * @param string $b_text Text in which second block type appears (may be the same as the first text). * @param int $b_at Byte offset into text in which second block type starts. * @param int $b_length Byte length of second block type. * @return bool Whether the spans of text represent identical block types, normalized for namespacing. */ public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool { $a_ns_length = strcspn( $a_text, '/', $a_at, $a_length ); $b_ns_length = strcspn( $b_text, '/', $b_at, $b_length ); $a_has_ns = $a_ns_length !== $a_length; $b_has_ns = $b_ns_length !== $b_length; // Both contain namespaces. if ( $a_has_ns && $b_has_ns ) { if ( $a_length !== $b_length ) { return false; } $a_block_type = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ); } if ( $a_has_ns ) { $b_block_type = 'core/' . substr( $b_text, $b_at, $b_length ); return ( strlen( $b_block_type ) === $a_length && 0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length ) ); } if ( $b_has_ns ) { $a_block_type = 'core/' . substr( $a_text, $a_at, $a_length ); return ( strlen( $a_block_type ) === $b_length && 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ) ); } // Neither contains a namespace. if ( $a_length !== $b_length ) { return false; } $a_name = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length ); } /** * Indicates if the matched delimiter is an opening or void delimiter of the given type, * if a type is provided, otherwise if it opens any block or implicit freeform HTML content. * * This is a helper method to ease handling of code inspecting where blocks start, and for * checking if the blocks are of a given type. The function is variadic to allow for * checking if the delimiter opens one of many possible block types. * * To advance to the start of a block {@see self::next_block()}. * * Example: * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() ) { * if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) { * echo "Found code!"; * continue; * } * * if ( $processor->opens_block( 'core/image' ) ) { * echo "Found an image!"; * continue; * } * * if ( $processor->opens_block() ) { * echo "Found a new block!"; * } * } * * @since 6.9.0 * * @see self::is_block_type() * * @param string[] $block_type Optional. Is the matched block type one of these? * If none are provided, will not test block type. * @return bool Whether the matched block delimiter opens a block, and whether it * opens a block of one of the given block types, if provided. */ public function opens_block( string ...$block_type ): bool { // HTML spans only open implicit freeform content at the top level. if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) { return false; } /* * Because HTML spans are discovered after the next delimiter is found, * the delimiter type when visiting HTML spans refers to the type of the * following delimiter. Therefore the HTML case is handled by checking * the state and depth of the stack of open block. */ if ( self::CLOSER === $this->type && ! $this->is_html() ) { return false; } if ( count( $block_type ) === 0 ) { return true; } foreach ( $block_type as $block ) { if ( $this->is_block_type( $block ) ) { return true; } } return false; } /** * Indicates if the matched delimiter is an HTML span. * * @since 6.9.0 * * @see self::is_non_whitespace_html() * * @return bool Whether the processor is matched on an HTML span. */ public function is_html(): bool { return self::HTML_SPAN === $this->state; } /** * Indicates if the matched delimiter is an HTML span and comprises more * than whitespace characters, i.e. contains real content. * * Many block serializers introduce newlines between block delimiters, * so the presence of top-level non-block content does not imply that * there are “real” freeform HTML blocks. Checking if there is content * beyond whitespace is a more certain check, such as for determining * whether to load CSS for the freeform or fallback block type. * * @since 6.9.0 * * @see self::is_html() * * @return bool Whether the currently-matched delimiter is an HTML * span containing non-whitespace text. */ public function is_non_whitespace_html(): bool { if ( ! $this->is_html() ) { return false; } $length = $this->matched_delimiter_at - $this->after_previous_delimiter; $whitespace_length = strspn( $this->source_text, " \t\f\r\n", $this->after_previous_delimiter, $length ); return $whitespace_length !== $length; } /** * Returns the string content of a matched HTML span, or `null` otherwise. * * @since 6.9.0 * * @return string|null Raw HTML content, or `null` if not currently matched on HTML. */ public function get_html_content(): ?string { if ( ! $this->is_html() ) { return null; } return substr( $this->source_text, $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); } /** * Allocates a substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter, otherwise `null`. * * This function is like {@see self::get_printable_block_type()} but when * paused on a freeform HTML block, will return `null` instead of “core/freeform”. * The `null` behavior matches what {@see \parse_blocks()} returns but may not * be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content has no block type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * null === $processor->get_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter, otherwise `null`. */ public function get_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return null; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Allocates a printable substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`. * * This function is like {@see self::get_block_type()} but when paused on a freeform * HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches * what {@see \parse_blocks()} returns but may not be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_printable_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content is given an implicit type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * 'core/freeform' === $processor->get_printable_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter or freeform block, otherwise `null`. */ public function get_printable_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return 1 === count( $this->open_blocks_at ) ? 'core/freeform' : '#innerHTML'; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Normalizes a block name to ensure that missing implicit “core” namespaces are present. * * Example: * * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' ); * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' ); * 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' ); * * @since 6.9.0 * * @param string $block_type Valid block name, potentially without a namespace. * @return string Fully-qualified block type including namespace. */ public static function normalize_block_type( string $block_type ): string { return false === strpos( $block_type, '/' ) ? "core/{$block_type}" : $block_type; } /** * Returns a lazy wrapper around the block attributes, which can be used * for efficiently interacting with the JSON attributes. * * This stub hints that there should be a lazy interface for parsing * block attributes but doesn’t define it. It serves both as a placeholder * for one to come as well as a guard against implementing an eager * function in its place. * * @throws Exception This function is a stub for subclasses to implement * when providing streaming attribute parsing. * * @since 6.9.0 * * @see self::allocate_and_return_parsed_attributes() * * @return never */ public function get_attributes() { throw new Exception( 'Lazy attribute parsing not yet supported' ); } /** * Attempts to parse and return the entire JSON attributes from the delimiter, * allocating memory and processing the JSON span in the process. * * This does not return any parsed attributes for a closing block delimiter * even if there is a span of JSON content; this JSON is a parsing error. * * Consider calling {@see static::get_attributes()} instead if it's not * necessary to read all the attributes at the same time, as that provides * a more efficient mechanism for typical use cases. * * Since the JSON span inside the comment delimiter may not be valid JSON, * this function will return `null` if it cannot parse the span and set the * {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant. * * If the delimiter contains no JSON span, it will also return `null`, * but the last error will be set to {@see \JSON_ERROR_NONE}. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes(); * $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' ); * * $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_NONE = $processor->get_last_json_error(); * * $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' ); * $processor->next_delimiter(); * array() === $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:separator /-->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error(); * * @since 6.9.0 * * @return array|null Parsed JSON attributes, if present and valid, otherwise `null`. */ public function allocate_and_return_parsed_attributes(): ?array { $this->last_json_error = JSON_ERROR_NONE; if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) { return null; } $json_span = substr( $this->source_text, $this->json_at, $this->json_length ); $parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE ); $last_error = json_last_error(); $this->last_json_error = $last_error; return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) ) ? $parsed : null; } /** * Returns the span representing the currently-matched delimiter, if matched, otherwise `null`. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:void /-->' ); * null === $processor->get_span(); * * $processor->next_delimiter(); * WP_HTML_Span( 0, 17 ) === $processor->get_span(); * * @since 6.9.0 * * @return WP_HTML_Span|null Span of text in source text spanning matched delimiter. */ public function get_span(): ?WP_HTML_Span { switch ( $this->state ) { case self::HTML_SPAN: return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); case self::MATCHED: return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length ); default: return null; } } // // Constant declarations that would otherwise pollute the top of the class. // /** * Indicates that the block comment delimiter closes an open block. * * @see self::$type * * @since 6.9.0 */ const CLOSER = 'closer'; /** * Indicates that the block comment delimiter opens a block. * * @see self::$type * * @since 6.9.0 */ const OPENER = 'opener'; /** * Indicates that the block comment delimiter represents a void block * with no inner content of any kind. * * @see self::$type * * @since 6.9.0 */ const VOID = 'void'; /** * Indicates that the processor is ready to start parsing but hasn’t yet begun. * * @see self::$state * * @since 6.9.0 */ const READY = 'processor-ready'; /** * Indicates that the processor is matched on an explicit block delimiter. * * @see self::$state * * @since 6.9.0 */ const MATCHED = 'processor-matched'; /** * Indicates that the processor is matched on the opening of an implicit freeform delimiter. * * @see self::$state * * @since 6.9.0 */ const HTML_SPAN = 'processor-html-span'; /** * Indicates that the parser started parsing a block comment delimiter, but * the input document ended before it could finish. The document was likely truncated. * * @see self::$state * * @since 6.9.0 */ const INCOMPLETE_INPUT = 'incomplete-input'; /** * Indicates that the processor has finished parsing and has nothing left to scan. * * @see self::$state * * @since 6.9.0 */ const COMPLETE = 'processor-complete'; } HTTP/https-migration-20260605182534.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-dependency-20260605032742.php 0000666 00000005111 15226703613 0013274 0 ustar 00 <?php /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ #[AllowDynamicProperties] class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var string */ public $handle; /** * The handle source. * * If source is set to false, the item is an alias of other items it depends on. * * @since 2.6.0 * @var string|false */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var string[] */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var string|false|null */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var mixed */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param mixed ...$args Dependency information. */ public function __construct( ...$args ) { list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = $args; if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = '' ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } HTTP/https-migration-20260605172034.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606153026.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606103613-20260609100749.php 0000666 00000013341 15226703613 0014141 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606112432.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605172309-20260610063048.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605221903-20260608233029.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605134451-20260608072205.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607114002-20260610042836.php 0000666 00000011205 15226703613 0014136 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606022251.php 0000666 00000011205 15226703613 0012554 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606083005-20260610115945.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr7Response-20260605033430.php 0000666 00000004201 15226703613 0011773 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use Psr\Http\Message\ResponseInterface; /** * HTTP Response based on a PSR-7 response * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class Psr7Response implements Response { /** * @var ResponseInterface */ private $response; /** * @var string */ private $permanent_url; /** * @var string */ private $requested_url; public function __construct(ResponseInterface $response, string $permanent_url, string $requested_url) { $this->response = $response; $this->permanent_url = $permanent_url; $this->requested_url = $requested_url; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return $this->response->getStatusCode(); } public function get_headers(): array { // The filtering is probably redundant but let’s make PHPStan happy. return array_filter($this->response->getHeaders(), function (array $header): bool { return count($header) >= 1; }); } public function has_header(string $name): bool { return $this->response->hasHeader($name); } public function with_header(string $name, $value) { return new self($this->response->withHeader($name, $value), $this->permanent_url, $this->requested_url); } public function get_header(string $name): array { return $this->response->getHeader($name); } public function get_header_line(string $name): string { return $this->response->getHeaderLine($name); } public function get_body_content(): string { return $this->response->getBody()->__toString(); } } HTTP/Psr18Client.php 0000666 00000010537 15226703613 0010127 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-detection-20260606074753-20260610011410.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606102652-20260610213400.php 0000666 00000011205 15226703613 0014130 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605201901-20260606085004.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606074155-20260615143251.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606014211.php 0000666 00000013341 15226703613 0012541 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606092626-20260608070410.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606110645.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606052856-20260610050342.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605114100-20260608183903.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183217-copy.php 0000666 00000011205 15226703613 0013535 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260607015444.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-processor-20260605082704.php 0000666 00000210507 15226703613 0014277 0 ustar 00 <?php /** * Efficiently scan through block structure in document without parsing * the entire block tree and all of its JSON attributes into memory. * * @package WordPress * @subpackage Blocks * @since 6.9.0 */ /** * Class for efficiently scanning through block structure in a document * without parsing the entire block tree and JSON attributes into memory. * * ## Overview * * This class is designed to help analyze and modify block structure in a * streaming fashion and to bridge the gap between parsed block trees and * the text representing them. * * Use-cases for this class include but are not limited to: * * - Counting block types in a document. * - Queuing stylesheets based on the presence of various block types. * - Modifying blocks of a given type, i.e. migrations, updates, and styling. * - Searching for content of specific kinds, e.g. checking for blocks * with certain theme support attributes, or block bindings. * - Adding CSS class names to the element wrapping a block’s inner blocks. * * > *Note!* If a fully-parsed block tree of a document is necessary, including * > all the parsed JSON attributes, nested blocks, and HTML, consider * > using {@see \parse_blocks()} instead which will parse the document * > in one swift pass. * * For typical usage, jump first to the methods {@see self::next_block()}, * {@see self::next_delimiter()}, or {@see self::next_token()}. * * ### Values * * As a lower-level interface than {@see parse_blocks()} this class follows * different performance-focused values: * * - Minimize allocations so that documents of any size may be processed * on a fixed or marginal amount of memory. * - Make hidden costs explicit so that calling code only has to pay the * performance penalty for features it needs. * - Operate with a streaming and re-entrant design to make it possible * to operate on chunks of a document and to resume after pausing. * * This means that some operations might appear more cumbersome than one * might expect. This design tradeoff opens up opportunity to wrap this in * a convenience class to add higher-level functionality. * * ## Concepts * * All text documents can be considered a block document containing a combination * of “freeform HTML” and explicit block structure. Block structure forms through * special HTML comments called _delimiters_ which include a block type and, * optionally, block attributes encoded as a JSON object payload. * * This processor is designed to scan through a block document from delimiter to * delimiter, tracking how the delimiters impact the structure of the document. * Spans of HTML appear between delimiters. If these spans exist at the top level * of the document, meaning there is no containing block around them, they are * considered freeform HTML content. If, however, they appear _inside_ block * structure they are interpreted as `innerHTML` for the containing block. * * ### Tokens and scanning * * As the processor scans through a document is reports information about the token * on which is pauses. Tokens represent spans of text in the input comprising block * delimiters and spans of HTML. * * - {@see self::next_token()} visits every contiguous subspan of text in the * input document. This includes all explicit block comment delimiters and spans * of HTML content (whether freeform or inner HTML). * - {@see self::next_delimiter()} visits every explicit block comment delimiter * unless passed a block type which covers freeform HTML content. In these cases * it will stop at top-level spans of HTML and report a `null` block type. * - {@see self::next_block()} visits every block delimiter which _opens_ a block. * This includes opening block delimiters as well as void block delimiters. With * the same exception as above for freeform HTML block types, this will visit * top-level spans of HTML content. * * When matched on a particular token, the following methods provide structural * and textual information about it: * * - {@see self::get_delimiter_type()} reports whether the delimiter is an opener, * a closer, or if it represents a whole void block. * - {@see self::get_block_type()} reports the fully-qualified block type which * the delimiter represents. * - {@see self::get_printable_block_type()} reports the fully-qualified block type, * but returns `core/freeform` instead of `null` for top-level freeform HTML content. * - {@see self::is_block_type()} indicates if the delimiter represents a block of * the given block type, or wildcard or pseudo-block type described below. * - {@see self::opens_block()} indicates if the delimiter opens a block of one * of the provided block types. Opening, void, and top-level freeform HTML content * all open blocks. * - {@see static::get_attributes()} is currently reserved for a future streaming * JSON parser class. * - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes * for delimiters which open blocks and return the fully-parsed attributes as an * associative array. {@see static::get_last_json_error()} for when this fails. * - {@see self::is_html()} indicates if the token is a span of HTML which might * be top-level freeform content or a block’s inner HTML. * - {@see self::get_html_content()} returns the span of HTML. * - {@see self::get_span()} for the byte offset and length into the input document * representing the token. * * It’s possible for the processor to fail to scan forward if the input document ends * in a proper prefix of an explicit block comment delimiter. For example, if the input * ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser * cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()} * to distinguish between a failure to find the next token and an incomplete input. * * ### Block types * * A block’s “type” comprises an optional _namespace_ and _name_. If the namespace * isn’t provided it will be interpreted as the implicit `core` namespace. For example, * the type `gallery` is the name of the block in the `core` namespace, but the type * `abc/gallery` is the _fully-qualified_ block type for the block whose name is still * `gallery`, but in the `abc` namespace. * * Methods on this class are aware of this block naming semantic and anywhere a block * type is an argument to a method it will be normalized to account for implicit namespaces. * Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere * this class returns a block type, it will return the fully-qualified and normalized form. * For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the * block type. * * There are two special block types that change the behavior of the processor: * * - The wildcard `*` represents _any block_. In addition to matching all block types, * it also represents top-level freeform HTML whose block type is reported as `null`. * * - The `core/freeform` block type is a pseudo-block type which explicitly matches * top-level freeform HTML. * * These special block types can be passed into any method which searches for blocks. * * There is one additional special block type which may be returned from * {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which * indicates that the HTML span on which the processor is paused is inner HTML for * a containing block. * * ### Spans of HTML * * Non-block content plays a complicated role in processing block documents. This * processor exposes tools to help work with these spans of HTML. * * - {@see self::is_html()} indicates if the processor is paused at a span of * HTML but does not differentiate between top-level freeform content and inner HTML. * - {@see self::is_non_whitespace_html()} indicates not only if the processor * is paused at a span of HTML, but also whether that span incorporates more than * whitespace characters. Because block serialization often inserts newlines between * block comment delimiters, this is useful for distinguishing “real” freeform * content from purely aesthetic syntax. * - {@see self::is_block_type()} matches top-level freeform HTML content when * provided one of the special block types described above. * * ### Block structure * * As the processor traverses block delimiters it maintains a stack of which blocks are * open at the given place in the document where it’s paused. This stack represents the * block structure of a document and is used to determine where blocks end, which blocks * represent inner blocks, whether a span of HTML is top-level freeform content, and * more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an * array of block types starting at the outermost-open block and descending to the * currently-visited block. * * Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special * reported block type `#html`. Such a span represents inner HTML for a block if the * depth reported by {@see self::get_depth()} is greater than one. * * It will generally not be necessary to inspect the stack of open blocks, though * depth may be important for finding where blocks end. When visiting a block opener, * the depth will have been increased before pausing; in contrast the depth is * decremented before visiting a closer. This makes the following an easy way to * determine if a block is still open. * * Example: * * $depth = $processor->get_depth(); * while ( $processor->next_token() && $processor->get_depth() > $depth ) { * continue * } * // Processor is now paused at the token immediately following the closed block. * * #### Extracting blocks * * A unique feature of this processor is the ability to return the same output as * {@see \parse_blocks()} would produce, but for a subset of the input document. * For example, it’s possible to extract an image block, manipulate that parsed * block, and re-serialize it into the original document. It’s possible to do so * while skipping over the parse of the rest of the document. * * {@see self::extract_full_block_and_advance()} will scan forward from the current block opener * and build the parsed block structure until the current block is closed. It will * include all inner HTML and inner blocks, and parse all of the inner blocks. It * can be used to extract a block at any depth in the document, helpful for operating * on blocks within nested structure. * * Example: * * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery_block = $processor->extract_full_block_and_advance(); * $after_gallery = $processor->get_span()->start; * return ( * substr( $post_content, 0, $gallery_at ) . * serialize_block( modify_gallery( $gallery_block ) . * substr( $post_content, $after_gallery ) * ); * * #### Handling of malformed structure * * There are situations where closing block delimiters appear for which no open block * exists, or where a document ends before a block is closed, or where a closing block * delimiter appears but references a different block type than the most-recently * opened block does. In all of these cases, the stack of open blocks should mirror * the behavior in {@see \parse_blocks()}. * * Unlike {@see \parse_blocks()}, however, this processor can still operate on the * invalid block delimiters. It provides a few functions which can be used for building * custom and non-spec-compliant error handling. * * - {@see self::has_closing_flag()} indicates if the block delimiter contains the * closing flag at the end. Some invalid block delimiters might contain both the * void and closing flag, in which case {@see self::get_delimiter_type()} will * report that it’s a void block. * - {@see static::get_last_error()} indicates if the processor reached an invalid * block closing. Depending on the context, {@see \parse_blocks()} might instead * ignore the token or treat it as freeform HTML content. * * ## Static helpers * * This class provides helpers for performing semantic block-related operations. * * - {@see self::normalize_block_type()} takes a block type with or without the * implicit `core` namespace and returns a fully-qualified block type. * - {@see self::are_equal_block_types()} indicates if two spans across one or * more input texts represent the same fully-qualified block type. * * ## Subclassing * * This processor is designed to accurately parse a block document. Therefore, many * of its methods are not meant for subclassing. However, overall this class supports * building higher-level convenience classes which may choose to subclass it. For those * classes, avoid re-implementing methods except for the list below. Instead, create * new names representing the higher-level concepts being introduced. For example, instead * of creating a new method named `next_block()` which only advances to blocks of a given * kind, consider creating a new method named something like `next_layout_block()` which * won’t interfere with the base class method. * * - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass * which aren’t intrinsic to block parsing. * - {@see static::get_attributes()} may be reimplemented to provide a streaming interface * to reading and modifying a block’s JSON attributes. It should be fast and memory efficient. * - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced * with a reimplementation of {@see static::get_attributes()}. * * @since 6.9.0 */ class WP_Block_Processor { /** * Indicates if the last operation failed, otherwise * will be `null` for success. * * @since 6.9.0 * * @var string|null */ private $last_error = null; /** * Indicates failures from decoding JSON attributes. * * @since 6.9.0 * * @see \json_last_error() * * @var int */ private $last_json_error = JSON_ERROR_NONE; /** * Source text provided to processor. * * @since 6.9.0 * * @var string */ protected $source_text; /** * Byte offset into source text where a matched delimiter starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰─ Starts at byte offset 17. * * @since 6.9.0 * * @var int */ private $matched_delimiter_at = 0; /** * Byte length of full span of a matched delimiter. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $matched_delimiter_length = 0; /** * First byte offset into source text following any previously-matched delimiter. * Used to indicate where an HTML span starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 55 * <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨ * │ ╰─ This delimiter was matched, and after matching, * │ revealed the preceding HTML span. * │ * ╰─ The first byte offset after the previous matched delimiter * is 21. Because the matched delimiter starts at 55, which is after * this, a span of HTML must exist between these boundaries. * * @since 6.9.0 * * @var int */ private $after_previous_delimiter = 0; /** * Byte offset where namespace span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block name. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $namespace_at = 0; /** * Byte offset where block name span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block namespace. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $name_at = 0; /** * Byte length of block name span. * * Example: * * 5 10 15 20 25 * <!-- wp:core/gallery --> * ╰─────╯ * 7 bytes long. * * @since 6.9.0 * * @var int */ private $name_length = 0; /** * Whether the delimiter contains the block-closing flag. * * This may be erroneous if present within a void block, * therefore the {@see self::has_closing_flag()} can be used by * calling code to perform custom error-handling. * * @since 6.9.0 * * @var bool */ private $has_closing_flag = false; /** * Byte offset where JSON attributes span begins. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰─ Starts at byte offset 18. * * @since 6.9.0 * * @var int */ private $json_at; /** * Byte length of JSON attributes span, or 0 if none are present. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $json_length = 0; /** * Internal parser state, differentiating whether the instance is currently matched, * on an implicit freeform node, in error, or ready to begin parsing. * * @see self::READY * @see self::MATCHED * @see self::HTML_SPAN * @see self::INCOMPLETE_INPUT * @see self::COMPLETE * * @since 6.9.0 * * @var string */ protected $state = self::READY; /** * Indicates what kind of block comment delimiter was matched. * * One of: * * - {@see self::OPENER} If the delimiter is opening a block. * - {@see self::CLOSER} If the delimiter is closing an open block. * - {@see self::VOID} If the delimiter represents a void block with no inner content. * * If a parsed comment delimiter contains both the closing and the void * flags then it will be interpreted as a void block to match the behavior * of the official block parser, however, this is a syntax error and probably * the block ought to close an open block of the same name, if one is open. * * @since 6.9.0 * * @var string */ private $type; /** * Whether the last-matched delimiter acts like a void block and should be * popped from the stack of open blocks as soon as the parser advances. * * This applies to void block delimiters and to HTML spans. * * @since 6.9.0 * * @var bool */ private $was_void = false; /** * For every open block, in hierarchical order, this stores the byte offset * into the source text where the block type starts, including for HTML spans. * * To avoid allocating and normalizing block names when they aren’t requested, * the stack of open blocks is stored as the byte offsets and byte lengths of * each open block’s block type. This allows for minimal tracking and quick * reading or comparison of block types when requested. * * @since 6.9.0 * * @see self::$open_blocks_length * * @var int[] */ private $open_blocks_at = array(); /** * For every open block, in hierarchical order, this stores the byte length * of the block’s block type in the source text. For HTML spans this is 0. * * @since 6.9.0 * * @see self::$open_blocks_at * * @var int[] */ private $open_blocks_length = array(); /** * Indicates which operation should apply to the stack of open blocks after * processing any pending spans of HTML. * * Since HTML spans are discovered after matching block delimiters, those * delimiters need to defer modifying the stack of open blocks. This value, * if set, indicates what operation should be applied. The properties * associated with token boundaries still point to the delimiters even * when processing HTML spans, so there’s no need to track them independently. * * @var 'push'|'void'|'pop'|null */ private $next_stack_op = null; /** * Creates a new block processor. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( $processor->next_block( 'core/image' ) ) { * echo "Found an image!\n"; * } * * @see self::next_block() to advance to the start of the next block (skips closers). * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @since 6.9.0 * * @param string $source_text Input document potentially containing block content. */ public function __construct( string $source_text ) { $this->source_text = $source_text; } /** * Advance to the next block delimiter which opens a block, indicating if one was found. * * Delimiters which open blocks include opening and void block delimiters. To visit * freeform HTML content, pass the wildcard “*” as the block type. * * Use this function to walk through the blocks in a document, pausing where they open. * * Example blocks: * * // The first delimiter opens the paragraph block. * <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph--> * * // The void block is the first opener in this sequence of closers. * <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group --> * * // If, however, `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p> * * Example: * * // Find all textual ranges of image block opening delimiters. * $images = array(); * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( 'core/image' ) ) { * $images[] = $processor->get_span(); * } * * In some cases it may be useful to conditionally visit the implicit freeform * blocks, such as when determining if a post contains freeform content that * isn’t purely whitespace. * * Example: * * $seen_block_types = []; * $block_type = '*'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( $block_type ) { * // Stop wasting time visiting freeform blocks after one has been found. * if ( * '*' === $block_type && * null === $processor->get_block_type() && * $processor->is_non_whitespace_html() * ) { * $block_type = null; * $seen_block_types['core/freeform'] = true; * continue; * } * * $seen_block_types[ $processor->get_block_type() ] = true; * } * * @since 6.9.0 * * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @param string|null $block_type Optional. If provided, advance until a block of this type is found. * Default is to stop at any block regardless of its type. * @return bool Whether an opening delimiter for a block was found. */ public function next_block( ?string $block_type = null ): bool { while ( $this->next_delimiter( $block_type ) ) { if ( self::CLOSER !== $this->get_delimiter_type() ) { return true; } } return false; } /** * Advance to the next block delimiter in a document, indicating if one was found. * * Delimiters may include invalid JSON. This parser does not attempt to parse the * JSON attributes until requested; when invalid, the attributes will be null. This * matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content, * pass the wildcard “*” as the block type. * * Use this function to walk through the block delimiters in a document. * * Example delimiters: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * * // If the wildcard `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p> * * Example: * * $html = '<!-- wp:void /-->\n<!-- wp:void /-->'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() { * // Runs twice, seeing both void blocks of type “core/void.” * } * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter( '*' ) ) { * // Runs thrice, seeing the void block, the newline span, and the void block. * } * * @since 6.9.0 * * @param string|null $block_name Optional. Keep searching until a block of this name is found. * Defaults to visit every block regardless of type. * @return bool Whether a block delimiter was matched. */ public function next_delimiter( ?string $block_name = null ): bool { if ( ! isset( $block_name ) ) { while ( $this->next_token() ) { if ( ! $this->is_html() ) { return true; } } return false; } while ( $this->next_token() ) { if ( $this->is_block_type( $block_name ) ) { return true; } } return false; } /** * Advance to the next block delimiter or HTML span in a document, indicating if one was found. * * This function steps through every syntactic chunk in a document. This includes explicit * block comment delimiters, freeform non-block content, and inner HTML segments. * * Example tokens: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * <p>Normal HTML content</p> * Plaintext content too! * * Example: * * // Find span containing wrapping HTML element surrounding inner blocks. * $processor = new WP_Block_Processor( $html ); * if ( ! $processor->next_block( 'gallery' ) ) { * return null; * } * * $containing_span = null; * while ( $processor->next_token() && $processor->is_html() ) { * $containing_span = $processor->get_span(); * } * * This method will visit all HTML spans including those forming freeform non-block * content as well as those which are part of a block’s inner HTML. * * @since 6.9.0 * * @return bool Whether a token was matched or the end of the document was reached without finding any. */ public function next_token(): bool { if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return false; } // Void tokens automatically pop off the stack of open blocks. if ( $this->was_void ) { array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); $this->was_void = false; } $text = $this->source_text; $end = strlen( $text ); /* * Because HTML spans are inferred after finding the next delimiter, it means that * the parser must transition out of that HTML state and reuse the token boundaries * it found after the HTML span. If those boundaries are before the end of the * document it implies that a real delimiter was found; otherwise this must be the * terminating HTML span and the parsing is complete. */ if ( self::HTML_SPAN === $this->state ) { if ( $this->matched_delimiter_at >= $end ) { $this->state = self::COMPLETE; return false; } switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'push': $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; $this->state = self::MATCHED; return true; } $this->state = self::READY; $after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length; $at = $after_prev_delimiter; while ( $at < $end ) { /* * Find the next possible start of a delimiter. * * This follows the behavior in the official block parser, which segments a post * by the block comment delimiters. It is possible for an HTML attribute to contain * what looks like a block comment delimiter but which is actually an HTML attribute * value. In such a case, the parser here will break apart the HTML and create the * block boundary inside the HTML attribute. In other words, the block parser * isolates sections of HTML from each other, even if that leads to malformed markup. * * For a more robust parse, scan through the document with the HTML API and parse * comments once they are matched to see if they are also block delimiters. In * practice, this nuance has not caused any known problems since developing blocks. * * <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /--> */ $comment_opening_at = strpos( $text, '<!--', $at ); /* * Even if the start of a potential block delimiter is not found, the document * might end in a prefix of such, and in that case there is incomplete input. */ if ( false === $comment_opening_at ) { if ( str_ends_with( $text, '<!-' ) ) { $backup = 3; } elseif ( str_ends_with( $text, '<!' ) ) { $backup = 2; } elseif ( str_ends_with( $text, '<' ) ) { $backup = 1; } else { $backup = 0; } // Whether or not there is a potential delimiter, there might be an HTML span. if ( $after_prev_delimiter < ( $end - $backup ) ) { $this->state = self::HTML_SPAN; $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $end - $backup; $this->matched_delimiter_length = $backup; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } /* * In the case that there is the start of an HTML comment, it means that there * might be a block delimiter, but it’s not possible know, therefore it’s incomplete. */ if ( $backup > 0 ) { goto incomplete; } // Otherwise this is the end. $this->state = self::COMPLETE; return false; } // <!-- ⃨/wp:core/paragraph {"dropCap":true} /--> $opening_whitespace_at = $comment_opening_at + 4; if ( $opening_whitespace_at >= $end ) { goto incomplete; } $opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at ); /* * The `wp` prefix cannot come before this point, but it may come after it * depending on the presence of the closer. This is detected next. */ $wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length; if ( $wp_prefix_at >= $end ) { goto incomplete; } if ( 0 === $opening_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /⃨wp:core/paragraph {"dropCap":true} /--> $has_closer = false; if ( '/' === $text[ $wp_prefix_at ] ) { $has_closer = true; ++$wp_prefix_at; } // <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /--> if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) { if ( ( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) || ( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) ) ) { goto incomplete; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * If the block contains no namespace, this will end up masquerading with * the block name. It’s easier to first detect the span and then determine * if it’s a namespace of a name. * * <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /--> */ $namespace_at = $wp_prefix_at + 3; if ( $namespace_at >= $end ) { goto incomplete; } $start_of_namespace = $text[ $namespace_at ]; // The namespace must start with a-z. if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 ); $separator_at = $namespace_at + $namespace_length; if ( $separator_at >= $end ) { goto incomplete; } // <!-- /wp:core/⃨paragraph {"dropCap":true} /--> $has_separator = '/' === $text[ $separator_at ]; if ( $has_separator ) { $name_at = $separator_at + 1; if ( $name_at >= $end ) { goto incomplete; } // <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /--> $start_of_name = $text[ $name_at ]; if ( 'a' > $start_of_name || 'z' < $start_of_name ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 ); } else { $name_at = $namespace_at; $name_length = $namespace_length; } if ( $name_at + $name_length >= $end ) { goto incomplete; } /* * For this next section of the delimiter, it could be the JSON attributes * or it could be the end of the comment. Assume that the JSON is there and * update if it’s not. */ // <!-- /wp:core/paragraph ⃨{"dropCap":true} /--> $after_name_whitespace_at = $name_at + $name_length; $after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at ); $json_at = $after_name_whitespace_at + $after_name_whitespace_length; if ( $json_at >= $end ) { goto incomplete; } if ( 0 === $after_name_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /wp:core/paragraph {⃨"dropCap":true} /--> $has_json = '{' === $text[ $json_at ]; $json_length = 0; /* * For the final span of the delimiter it's most efficient to find the end of the * HTML comment and work backwards. This prevents complicated parsing inside the * JSON span, which is not allowed to contain the HTML comment terminator. * * This also matches the behavior in the official block parser, * even though it allows for matching invalid JSON content. * * <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨ */ $comment_closing_at = strpos( $text, '-->', $json_at ); if ( false === $comment_closing_at ) { goto incomplete; } // <!-- /wp:core/paragraph {"dropCap":true} /⃨--> if ( '/' === $text[ $comment_closing_at - 1 ] ) { $has_void_flag = true; $void_flag_length = 1; } else { $has_void_flag = false; $void_flag_length = 0; } /* * If there's no JSON, then the span of text after the name * until the comment closing must be completely whitespace. * Otherwise it’s a normal HTML comment. */ if ( ! $has_json ) { if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) { // This must be a block delimiter! $this->state = self::MATCHED; break; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * There's JSON, so attempt to find its boundary. * * @todo It’s likely faster to scan forward instead of in reverse. * * <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/--> */ $after_json_whitespace_length = 0; for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) { $char = $text[ $char_at ]; switch ( $char ) { case ' ': case "\t": case "\f": case "\r": case "\n": ++$after_json_whitespace_length; continue 2; case '}': $json_length = $char_at - $json_at + 1; break 2; default: ++$at; continue 3; } } /* * This covers cases where there is no terminating “}” or where * mandatory whitespace is missing. */ if ( 0 === $json_length || 0 === $after_json_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // This must be a block delimiter! $this->state = self::MATCHED; break; } // The end of the document was reached without a match. if ( self::MATCHED !== $this->state ) { $this->state = self::COMPLETE; return false; } /* * From this point forward, a delimiter has been matched. There * might also be an HTML span that appears before the delimiter. */ $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $comment_opening_at; $this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at; $this->namespace_at = $namespace_at; $this->name_at = $name_at; $this->name_length = $name_length; $this->json_at = $json_at; $this->json_length = $json_length; /* * When delimiters contain both the void flag and the closing flag * they shall be interpreted as void blocks, per the spec parser. */ if ( $has_void_flag ) { $this->type = self::VOID; $this->next_stack_op = 'void'; } elseif ( $has_closer ) { $this->type = self::CLOSER; $this->next_stack_op = 'pop'; /* * @todo Check if the name matches and bail according to the spec parser. * The default parser doesn’t examine the names. */ } else { $this->type = self::OPENER; $this->next_stack_op = 'push'; } $this->has_closing_flag = $has_closer; // HTML spans are visited before the delimiter that follows them. if ( $comment_opening_at > $after_prev_delimiter ) { $this->state = self::HTML_SPAN; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } // If there were no HTML spans then flush the enqueued stack operations immediately. switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'push': $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; return true; incomplete: $this->state = self::COMPLETE; $this->last_error = self::INCOMPLETE_INPUT; return false; } /** * Returns an array containing the names of the currently-open blocks, in order * from outermost to innermost, with HTML spans indicated as “#html”. * * Example: * * // Freeform HTML content is an HTML span. * $processor = new WP_Block_Processor( 'Just text' ); * $processor->next_token(); * array( '#text' ) === $processor->get_breadcrumbs(); * * $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' ); * $processor->next_token(); * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Void blocks are only open while visiting them. * array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Blocks are closed before visiting their closing delimiter. * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array() === $processor->get_breadcrumbs(); * * // Inner HTML is also an HTML span. * $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' ); * $processor->next_token(); * $processor->next_token(); * array( 'core/a', '#html' ) === $processor->get_breadcrumbs(); * * @since 6.9.0 * * @return string[] */ public function get_breadcrumbs(): array { $breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null ); /* * Since HTML spans can only be at the very end, set the normalized block name for * each open element and then work backwards after creating the array. This allows * for the elimination of a conditional on each iteration of the loop. */ foreach ( $this->open_blocks_at as $i => $at ) { $block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] ); $breadcrumbs[ $i ] = self::normalize_block_type( $block_type ); } if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) { $breadcrumbs[ $i ] = '#html'; } return $breadcrumbs; } /** * Returns the depth of the open blocks where the processor is currently matched. * * Depth increases before visiting openers and void blocks and decreases before * visiting closers. HTML spans behave like void blocks. * * @since 6.9.0 * * @return int */ public function get_depth(): int { return count( $this->open_blocks_at ); } /** * Extracts a block object, and all inner content, starting at a matched opening * block delimiter, or at a matched top-level HTML span as freeform HTML content. * * Use this function to extract some blocks within a document, but not all. For example, * one might want to find image galleries, parse them, modify them, and then reserialize * them in place. * * Once this function returns, the parser will be matched on token following the close * of the given block. * * The return type of this method is compatible with the return of {@see \parse_blocks()}. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery = $processor->extract_full_block_and_advance(); * $ends_before = $processor->get_span(); * $ends_before = $ends_before->start ?? strlen( $post_content ); * * $new_gallery = update_gallery( $gallery ); * $new_gallery = serialize_block( $new_gallery ); * * return ( * substr( $post_content, 0, $gallery_at ) . * $new_gallery . * substr( $post_content, $ends_before ) * ); * * @since 6.9.0 * * @return array[]|null { * Array of block structures. * * @type array ...$0 { * An associative array of a single parsed block object. See WP_Block_Parser_Block. * * @type string|null $blockName Name of block. * @type array $attrs Attributes from block comment delimiters. * @type array[] $innerBlocks List of inner blocks. An array of arrays that * have the same structure as this one. * @type string $innerHTML HTML from inside block comment delimiters. * @type array $innerContent List of string fragments and null markers where * inner blocks were found. * } * } */ public function extract_full_block_and_advance(): ?array { if ( $this->is_html() ) { $chunk = $this->get_html_content(); return array( 'blockName' => null, 'attrs' => array(), 'innerBlocks' => array(), 'innerHTML' => $chunk, 'innerContent' => array( $chunk ), ); } $block = array( 'blockName' => $this->get_block_type(), 'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(), 'innerBlocks' => array(), 'innerHTML' => '', 'innerContent' => array(), ); $depth = $this->get_depth(); while ( $this->next_token() && $this->get_depth() > $depth ) { if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; continue; } /** * Inner blocks. * * @todo This is a decent place to call {@link \render_block()} * @todo Use iteration instead of recursion, or at least refactor to tail-call form. */ if ( $this->opens_block() ) { $inner_block = $this->extract_full_block_and_advance(); $block['innerBlocks'][] = $inner_block; $block['innerContent'][] = null; } /* * Because the parser has advanced past the closing block token, it * may be matched on an HTML span. This needs to be processed before * moving on to the next token at the start of the next loop iteration. */ if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; } } return $block; } /** * Returns the byte-offset after the ending character of an HTML comment, * assuming the proper starting byte offset. * * @since 6.9.0 * * @param int $comment_starting_at Where the HTML comment started, the leading `<`. * @param int $search_end Last offset in which to search, for limiting search span. * @return int Offset after the current HTML comment ends, or `$search_end` if no end was found. */ private function find_html_comment_end( int $comment_starting_at, int $search_end ): int { $text = $this->source_text; // Find span-of-dashes comments which look like `<!----->`. $span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 ); if ( $comment_starting_at + 2 + $span_of_dashes < $search_end && '>' === $text[ $comment_starting_at + 2 + $span_of_dashes ] ) { return $comment_starting_at + $span_of_dashes + 1; } // Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`. $now_at = $comment_starting_at + 4; while ( $now_at < $search_end ) { $dashes_at = strpos( $text, '--', $now_at ); if ( false === $dashes_at ) { return $search_end; } $closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 ); if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) { ++$closer_must_be_at; } if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) { return $closer_must_be_at + 1; } ++$now_at; } return $search_end; } /** * Indicates if the last attempt to parse a block comment delimiter * failed, if set, otherwise `null` if the last attempt succeeded. * * @since 6.9.0 * * @return string|null Error from last attempt at parsing next block delimiter, * or `null` if last attempt succeeded. */ public function get_last_error(): ?string { return $this->last_error; } /** * Indicates if the last attempt to parse a block’s JSON attributes failed. * * @see \json_last_error() * * @since 6.9.0 * * @return int JSON_ERROR_ code from last attempt to parse block JSON attributes. */ public function get_last_json_error(): int { return $this->last_json_error; } /** * Returns the type of the block comment delimiter. * * One of: * * - {@see self::OPENER} * - {@see self::CLOSER} * - {@see self::VOID} * - `null` * * @since 6.9.0 * * @return string|null type of the block comment delimiter, if currently matched. */ public function get_delimiter_type(): ?string { switch ( $this->state ) { case self::HTML_SPAN: return self::VOID; case self::MATCHED: return $this->type; default: return null; } } /** * Returns whether the delimiter contains the closing flag. * * This should be avoided except in cases of custom error-handling * with block closers containing the void flag. For normative use, * {@see self::get_delimiter_type()}. * * @since 6.9.0 * * @return bool Whether the currently-matched block delimiter contains the closing flag. */ public function has_closing_flag(): bool { return $this->has_closing_flag; } /** * Indicates if the block delimiter represents a block of the given type. * * Since the “core” namespace may be implicit, it’s allowable to pass * either the fully-qualified block type with namespace and block name * as well as the shorthand version only containing the block name, if * the desired block is in the “core” namespace. * * Since freeform HTML content is non-block content, it has no block type. * Passing the wildcard “*” will, however, return true for all block types, * even the implicit freeform content, though not for spans of inner HTML. * * Example: * * $is_core_paragraph = $processor->is_block_type( 'paragraph' ); * $is_core_paragraph = $processor->is_block_type( 'core/paragraph' ); * $is_formula = $processor->is_block_type( 'math-block/formula' ); * * @param string $block_type Block type name for the desired block. * E.g. "paragraph", "core/paragraph", "math-blocks/formula". * @return bool Whether this delimiter represents a block of the given type. */ public function is_block_type( string $block_type ): bool { if ( '*' === $block_type ) { return true; } if ( $this->is_html() ) { // This is a core/freeform text block, it’s special. if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) { return ( 'core/freeform' === $block_type || 'freeform' === $block_type ); } // Otherwise this is innerHTML and not a block. return false; } return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) ); } /** * Given two spans of text, indicate if they represent identical block types. * * This function normalizes block types to account for implicit core namespacing. * * Note! This function only returns valid results when the complete block types are * represented in the span offsets and lengths. This means that the full optional * namespace and block name must be represented in the input arguments. * * Example: * * 0 5 10 15 20 25 30 35 40 * $text = '<!-- wp:block --><!-- /wp:core/block -->'; * * true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 ); * false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 ); * * @since 6.9.0 * * @param string $a_text Text in which first block type appears. * @param int $a_at Byte offset into text in which first block type starts. * @param int $a_length Byte length of first block type. * @param string $b_text Text in which second block type appears (may be the same as the first text). * @param int $b_at Byte offset into text in which second block type starts. * @param int $b_length Byte length of second block type. * @return bool Whether the spans of text represent identical block types, normalized for namespacing. */ public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool { $a_ns_length = strcspn( $a_text, '/', $a_at, $a_length ); $b_ns_length = strcspn( $b_text, '/', $b_at, $b_length ); $a_has_ns = $a_ns_length !== $a_length; $b_has_ns = $b_ns_length !== $b_length; // Both contain namespaces. if ( $a_has_ns && $b_has_ns ) { if ( $a_length !== $b_length ) { return false; } $a_block_type = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ); } if ( $a_has_ns ) { $b_block_type = 'core/' . substr( $b_text, $b_at, $b_length ); return ( strlen( $b_block_type ) === $a_length && 0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length ) ); } if ( $b_has_ns ) { $a_block_type = 'core/' . substr( $a_text, $a_at, $a_length ); return ( strlen( $a_block_type ) === $b_length && 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ) ); } // Neither contains a namespace. if ( $a_length !== $b_length ) { return false; } $a_name = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length ); } /** * Indicates if the matched delimiter is an opening or void delimiter of the given type, * if a type is provided, otherwise if it opens any block or implicit freeform HTML content. * * This is a helper method to ease handling of code inspecting where blocks start, and for * checking if the blocks are of a given type. The function is variadic to allow for * checking if the delimiter opens one of many possible block types. * * To advance to the start of a block {@see self::next_block()}. * * Example: * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() ) { * if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) { * echo "Found code!"; * continue; * } * * if ( $processor->opens_block( 'core/image' ) ) { * echo "Found an image!"; * continue; * } * * if ( $processor->opens_block() ) { * echo "Found a new block!"; * } * } * * @since 6.9.0 * * @see self::is_block_type() * * @param string[] $block_type Optional. Is the matched block type one of these? * If none are provided, will not test block type. * @return bool Whether the matched block delimiter opens a block, and whether it * opens a block of one of the given block types, if provided. */ public function opens_block( string ...$block_type ): bool { // HTML spans only open implicit freeform content at the top level. if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) { return false; } /* * Because HTML spans are discovered after the next delimiter is found, * the delimiter type when visiting HTML spans refers to the type of the * following delimiter. Therefore the HTML case is handled by checking * the state and depth of the stack of open block. */ if ( self::CLOSER === $this->type && ! $this->is_html() ) { return false; } if ( count( $block_type ) === 0 ) { return true; } foreach ( $block_type as $block ) { if ( $this->is_block_type( $block ) ) { return true; } } return false; } /** * Indicates if the matched delimiter is an HTML span. * * @since 6.9.0 * * @see self::is_non_whitespace_html() * * @return bool Whether the processor is matched on an HTML span. */ public function is_html(): bool { return self::HTML_SPAN === $this->state; } /** * Indicates if the matched delimiter is an HTML span and comprises more * than whitespace characters, i.e. contains real content. * * Many block serializers introduce newlines between block delimiters, * so the presence of top-level non-block content does not imply that * there are “real” freeform HTML blocks. Checking if there is content * beyond whitespace is a more certain check, such as for determining * whether to load CSS for the freeform or fallback block type. * * @since 6.9.0 * * @see self::is_html() * * @return bool Whether the currently-matched delimiter is an HTML * span containing non-whitespace text. */ public function is_non_whitespace_html(): bool { if ( ! $this->is_html() ) { return false; } $length = $this->matched_delimiter_at - $this->after_previous_delimiter; $whitespace_length = strspn( $this->source_text, " \t\f\r\n", $this->after_previous_delimiter, $length ); return $whitespace_length !== $length; } /** * Returns the string content of a matched HTML span, or `null` otherwise. * * @since 6.9.0 * * @return string|null Raw HTML content, or `null` if not currently matched on HTML. */ public function get_html_content(): ?string { if ( ! $this->is_html() ) { return null; } return substr( $this->source_text, $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); } /** * Allocates a substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter, otherwise `null`. * * This function is like {@see self::get_printable_block_type()} but when * paused on a freeform HTML block, will return `null` instead of “core/freeform”. * The `null` behavior matches what {@see \parse_blocks()} returns but may not * be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content has no block type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * null === $processor->get_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter, otherwise `null`. */ public function get_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return null; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Allocates a printable substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`. * * This function is like {@see self::get_block_type()} but when paused on a freeform * HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches * what {@see \parse_blocks()} returns but may not be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_printable_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content is given an implicit type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * 'core/freeform' === $processor->get_printable_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter or freeform block, otherwise `null`. */ public function get_printable_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return 1 === count( $this->open_blocks_at ) ? 'core/freeform' : '#innerHTML'; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Normalizes a block name to ensure that missing implicit “core” namespaces are present. * * Example: * * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' ); * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' ); * 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' ); * * @since 6.9.0 * * @param string $block_type Valid block name, potentially without a namespace. * @return string Fully-qualified block type including namespace. */ public static function normalize_block_type( string $block_type ): string { return false === strpos( $block_type, '/' ) ? "core/{$block_type}" : $block_type; } /** * Returns a lazy wrapper around the block attributes, which can be used * for efficiently interacting with the JSON attributes. * * This stub hints that there should be a lazy interface for parsing * block attributes but doesn’t define it. It serves both as a placeholder * for one to come as well as a guard against implementing an eager * function in its place. * * @throws Exception This function is a stub for subclasses to implement * when providing streaming attribute parsing. * * @since 6.9.0 * * @see self::allocate_and_return_parsed_attributes() * * @return never */ public function get_attributes() { throw new Exception( 'Lazy attribute parsing not yet supported' ); } /** * Attempts to parse and return the entire JSON attributes from the delimiter, * allocating memory and processing the JSON span in the process. * * This does not return any parsed attributes for a closing block delimiter * even if there is a span of JSON content; this JSON is a parsing error. * * Consider calling {@see static::get_attributes()} instead if it's not * necessary to read all the attributes at the same time, as that provides * a more efficient mechanism for typical use cases. * * Since the JSON span inside the comment delimiter may not be valid JSON, * this function will return `null` if it cannot parse the span and set the * {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant. * * If the delimiter contains no JSON span, it will also return `null`, * but the last error will be set to {@see \JSON_ERROR_NONE}. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes(); * $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' ); * * $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_NONE = $processor->get_last_json_error(); * * $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' ); * $processor->next_delimiter(); * array() === $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:separator /-->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error(); * * @since 6.9.0 * * @return array|null Parsed JSON attributes, if present and valid, otherwise `null`. */ public function allocate_and_return_parsed_attributes(): ?array { $this->last_json_error = JSON_ERROR_NONE; if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) { return null; } $json_span = substr( $this->source_text, $this->json_at, $this->json_length ); $parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE ); $last_error = json_last_error(); $this->last_json_error = $last_error; return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) ) ? $parsed : null; } /** * Returns the span representing the currently-matched delimiter, if matched, otherwise `null`. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:void /-->' ); * null === $processor->get_span(); * * $processor->next_delimiter(); * WP_HTML_Span( 0, 17 ) === $processor->get_span(); * * @since 6.9.0 * * @return WP_HTML_Span|null Span of text in source text spanning matched delimiter. */ public function get_span(): ?WP_HTML_Span { switch ( $this->state ) { case self::HTML_SPAN: return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); case self::MATCHED: return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length ); default: return null; } } // // Constant declarations that would otherwise pollute the top of the class. // /** * Indicates that the block comment delimiter closes an open block. * * @see self::$type * * @since 6.9.0 */ const CLOSER = 'closer'; /** * Indicates that the block comment delimiter opens a block. * * @see self::$type * * @since 6.9.0 */ const OPENER = 'opener'; /** * Indicates that the block comment delimiter represents a void block * with no inner content of any kind. * * @see self::$type * * @since 6.9.0 */ const VOID = 'void'; /** * Indicates that the processor is ready to start parsing but hasn’t yet begun. * * @see self::$state * * @since 6.9.0 */ const READY = 'processor-ready'; /** * Indicates that the processor is matched on an explicit block delimiter. * * @see self::$state * * @since 6.9.0 */ const MATCHED = 'processor-matched'; /** * Indicates that the processor is matched on the opening of an implicit freeform delimiter. * * @see self::$state * * @since 6.9.0 */ const HTML_SPAN = 'processor-html-span'; /** * Indicates that the parser started parsing a block comment delimiter, but * the input document ended before it could finish. The document was likely truncated. * * @see self::$state * * @since 6.9.0 */ const INCOMPLETE_INPUT = 'incomplete-input'; /** * Indicates that the processor has finished parsing and has nothing left to scan. * * @see self::$state * * @since 6.9.0 */ const COMPLETE = 'processor-complete'; } HTTP/block-editor-20260605052219.php 0000666 00000071142 15226703613 0012015 0 ustar 00 <?php /** * Block Editor API. * * @package WordPress * @subpackage Editor * @since 5.8.0 */ /** * Returns the list of default categories for block types. * * @since 5.8.0 * @since 6.3.0 Reusable Blocks renamed to Patterns. * * @return array[] Array of categories for block types. */ function get_default_block_categories() { return array( array( 'slug' => 'text', 'title' => _x( 'Text', 'block category' ), 'icon' => null, ), array( 'slug' => 'media', 'title' => _x( 'Media', 'block category' ), 'icon' => null, ), array( 'slug' => 'design', 'title' => _x( 'Design', 'block category' ), 'icon' => null, ), array( 'slug' => 'widgets', 'title' => _x( 'Widgets', 'block category' ), 'icon' => null, ), array( 'slug' => 'theme', 'title' => _x( 'Theme', 'block category' ), 'icon' => null, ), array( 'slug' => 'embed', 'title' => _x( 'Embeds', 'block category' ), 'icon' => null, ), array( 'slug' => 'reusable', 'title' => _x( 'Patterns', 'block category' ), 'icon' => null, ), ); } /** * Returns all the categories for block types that will be shown in the block editor. * * @since 5.0.0 * @since 5.8.0 It is possible to pass the block editor context as param. * * @param WP_Post|WP_Block_Editor_Context $post_or_block_editor_context The current post object or * the block editor context. * * @return array[] Array of categories for block types. */ function get_block_categories( $post_or_block_editor_context ) { $block_categories = get_default_block_categories(); $block_editor_context = $post_or_block_editor_context instanceof WP_Post ? new WP_Block_Editor_Context( array( 'post' => $post_or_block_editor_context, ) ) : $post_or_block_editor_context; /** * Filters the default array of categories for block types. * * @since 5.8.0 * * @param array[] $block_categories Array of categories for block types. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $block_categories = apply_filters( 'block_categories_all', $block_categories, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the default array of categories for block types. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_categories_all'} filter instead. * * @param array[] $block_categories Array of categories for block types. * @param WP_Post $post Post being loaded. */ $block_categories = apply_filters_deprecated( 'block_categories', array( $block_categories, $post ), '5.8.0', 'block_categories_all' ); } return $block_categories; } /** * Gets the list of allowed block types to use in the block editor. * * @since 5.8.0 * * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return bool|string[] Array of block type slugs, or boolean to enable/disable all. */ function get_allowed_block_types( $block_editor_context ) { $allowed_block_types = true; /** * Filters the allowed block types for all editor types. * * @since 5.8.0 * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported). * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $allowed_block_types = apply_filters( 'allowed_block_types_all', $allowed_block_types, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the allowed block types for the editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'allowed_block_types_all'} filter instead. * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported) * @param WP_Post $post The post resource data. */ $allowed_block_types = apply_filters_deprecated( 'allowed_block_types', array( $allowed_block_types, $post ), '5.8.0', 'allowed_block_types_all' ); } return $allowed_block_types; } /** * Returns the default block editor settings. * * @since 5.8.0 * * @return array The default block editor settings. */ function get_default_block_editor_settings() { // Media settings. // wp_max_upload_size() can be expensive, so only call it when relevant for the current user. $max_upload_size = 0; if ( current_user_can( 'upload_files' ) ) { $max_upload_size = wp_max_upload_size(); if ( ! $max_upload_size ) { $max_upload_size = 0; } } /** This filter is documented in wp-admin/includes/media.php */ $image_size_names = apply_filters( 'image_size_names_choose', array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ) ); $available_image_sizes = array(); foreach ( $image_size_names as $image_size_slug => $image_size_name ) { $available_image_sizes[] = array( 'slug' => $image_size_slug, 'name' => $image_size_name, ); } $default_size = get_option( 'image_default_size', 'large' ); $image_default_size = in_array( $default_size, array_keys( $image_size_names ), true ) ? $default_size : 'large'; $image_dimensions = array(); $all_sizes = wp_get_registered_image_subsizes(); foreach ( $available_image_sizes as $size ) { $key = $size['slug']; if ( isset( $all_sizes[ $key ] ) ) { $image_dimensions[ $key ] = $all_sizes[ $key ]; } } // These styles are used if the "no theme styles" options is triggered or on // themes without their own editor styles. $default_editor_styles_file = ABSPATH . WPINC . '/css/dist/block-editor/default-editor-styles.css'; static $default_editor_styles_file_contents = false; if ( ! $default_editor_styles_file_contents && file_exists( $default_editor_styles_file ) ) { $default_editor_styles_file_contents = file_get_contents( $default_editor_styles_file ); } $default_editor_styles = array(); if ( $default_editor_styles_file_contents ) { $default_editor_styles = array( array( 'css' => $default_editor_styles_file_contents ), ); } $editor_settings = array( 'alignWide' => get_theme_support( 'align-wide' ), 'allowedBlockTypes' => true, 'allowedMimeTypes' => get_allowed_mime_types(), 'defaultEditorStyles' => $default_editor_styles, 'blockCategories' => get_default_block_categories(), 'isRTL' => is_rtl(), 'imageDefaultSize' => $image_default_size, 'imageDimensions' => $image_dimensions, 'imageEditing' => true, 'imageSizes' => $available_image_sizes, 'maxUploadFileSize' => $max_upload_size, '__experimentalDashboardLink' => admin_url( '/' ), // The following flag is required to enable the new Gallery block format on the mobile apps in 5.9. '__unstableGalleryWithImageBlocks' => true, ); $theme_settings = get_classic_theme_supports_block_editor_settings(); foreach ( $theme_settings as $key => $value ) { $editor_settings[ $key ] = $value; } return $editor_settings; } /** * Returns the block editor settings needed to use the Legacy Widget block which * is not registered by default. * * @since 5.8.0 * * @return array Settings to be used with get_block_editor_settings(). */ function get_legacy_widget_block_editor_settings() { $editor_settings = array(); /** * Filters the list of widget-type IDs that should **not** be offered by the * Legacy Widget block. * * Returning an empty array will make all widgets available. * * @since 5.8.0 * * @param string[] $widgets An array of excluded widget-type IDs. */ $editor_settings['widgetTypesToHideFromLegacyWidgetBlock'] = apply_filters( 'widget_types_to_hide_from_legacy_widget_block', array( 'pages', 'calendar', 'archives', 'media_audio', 'media_image', 'media_gallery', 'media_video', 'search', 'text', 'categories', 'recent-posts', 'recent-comments', 'rss', 'tag_cloud', 'custom_html', 'block', ) ); return $editor_settings; } /** * Collect the block editor assets that need to be loaded into the editor's iframe. * * @since 6.0.0 * @access private * * @global WP_Styles $wp_styles The WP_Styles current instance. * @global WP_Scripts $wp_scripts The WP_Scripts current instance. * * @return array { * The block editor assets. * * @type string|false $styles String containing the HTML for styles. * @type string|false $scripts String containing the HTML for scripts. * } */ function _wp_get_iframed_editor_assets() { global $wp_styles, $wp_scripts; // Keep track of the styles and scripts instance to restore later. $current_wp_styles = $wp_styles; $current_wp_scripts = $wp_scripts; // Create new instances to collect the assets. $wp_styles = new WP_Styles(); $wp_scripts = new WP_Scripts(); /* * Register all currently registered styles and scripts. The actions that * follow enqueue assets, but don't necessarily register them. */ $wp_styles->registered = $current_wp_styles->registered; $wp_scripts->registered = $current_wp_scripts->registered; /* * We generally do not need reset styles for the iframed editor. * However, if it's a classic theme, margins will be added to every block, * which is reset specifically for list items, so classic themes rely on * these reset styles. */ $wp_styles->done = wp_theme_has_theme_json() ? array( 'wp-reset-editor-styles' ) : array(); wp_enqueue_script( 'wp-polyfill' ); // Enqueue the `editorStyle` handles for all core block, and dependencies. wp_enqueue_style( 'wp-edit-blocks' ); if ( current_theme_supports( 'wp-block-styles' ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /* * We don't want to load EDITOR scripts in the iframe, only enqueue * front-end assets for the content. */ add_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); do_action( 'enqueue_block_assets' ); remove_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Additionally, do enqueue `editorStyle` assets for all blocks, which * contains editor-only styling for blocks (editor content). */ foreach ( $block_registry->get_all_registered() as $block_type ) { if ( isset( $block_type->editor_style_handles ) && is_array( $block_type->editor_style_handles ) ) { foreach ( $block_type->editor_style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } } } /** * Remove the deprecated `print_emoji_styles` handler. * It avoids breaking style generation with a deprecation message. */ $has_emoji_styles = has_action( 'wp_print_styles', 'print_emoji_styles' ); if ( $has_emoji_styles ) { remove_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_styles(); wp_print_font_faces(); wp_print_font_faces_from_style_variations(); $styles = ob_get_clean(); if ( $has_emoji_styles ) { add_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_head_scripts(); wp_print_footer_scripts(); $scripts = ob_get_clean(); // Restore the original instances. $wp_styles = $current_wp_styles; $wp_scripts = $current_wp_scripts; return array( 'styles' => $styles, 'scripts' => $scripts, ); } /** * Finds the first occurrence of a specific block in an array of blocks. * * @since 6.3.0 * * @param array $blocks Array of blocks. * @param string $block_name Name of the block to find. * @return array Found block, or empty array if none found. */ function wp_get_first_block( $blocks, $block_name ) { foreach ( $blocks as $block ) { if ( $block_name === $block['blockName'] ) { return $block; } if ( ! empty( $block['innerBlocks'] ) ) { $found_block = wp_get_first_block( $block['innerBlocks'], $block_name ); if ( ! empty( $found_block ) ) { return $found_block; } } } return array(); } /** * Retrieves Post Content block attributes from the current post template. * * @since 6.3.0 * @since 6.4.0 Return null if there is no post content block. * @access private * * @global int $post_ID * * @return array|null Post Content block attributes array or null if Post Content block doesn't exist. */ function wp_get_post_content_block_attributes() { global $post_ID; $is_block_theme = wp_is_block_theme(); if ( ! $is_block_theme || ! $post_ID ) { return null; } $template_slug = get_page_template_slug( $post_ID ); if ( ! $template_slug ) { $post_slug = 'singular'; $page_slug = 'singular'; $template_types = get_block_templates(); foreach ( $template_types as $template_type ) { if ( 'page' === $template_type->slug ) { $page_slug = 'page'; } if ( 'single' === $template_type->slug ) { $post_slug = 'single'; } } $what_post_type = get_post_type( $post_ID ); switch ( $what_post_type ) { case 'page': $template_slug = $page_slug; break; default: $template_slug = $post_slug; break; } } $current_template = get_block_templates( array( 'slug__in' => array( $template_slug ) ) ); if ( ! empty( $current_template ) ) { $template_blocks = parse_blocks( $current_template[0]->content ); $post_content_block = wp_get_first_block( $template_blocks, 'core/post-content' ); if ( isset( $post_content_block['attrs'] ) ) { return $post_content_block['attrs']; } } return null; } /** * Returns the contextualized block editor settings for a selected editor context. * * @since 5.8.0 * * @param array $custom_settings Custom settings to use with the given editor type. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return array The contextualized block editor settings. */ function get_block_editor_settings( array $custom_settings, $block_editor_context ) { $editor_settings = array_merge( get_default_block_editor_settings(), array( 'allowedBlockTypes' => get_allowed_block_types( $block_editor_context ), 'blockCategories' => get_block_categories( $block_editor_context ), ), $custom_settings ); $editor_settings['__experimentalBlockBindingsSupportedAttributes'] = array(); foreach ( array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() ) as $block_type ) { $supported_block_attributes = get_block_bindings_supported_attributes( $block_type ); if ( ! empty( $supported_block_attributes ) ) { $editor_settings['__experimentalBlockBindingsSupportedAttributes'][ $block_type ] = $supported_block_attributes; } } $global_styles = array(); $presets = array( array( 'css' => 'variables', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), array( 'css' => 'presets', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), ); foreach ( $presets as $preset_style ) { $actual_css = wp_get_global_stylesheet( array( $preset_style['css'] ) ); if ( '' !== $actual_css ) { $preset_style['css'] = $actual_css; $global_styles[] = $preset_style; } } if ( wp_theme_has_theme_json() ) { $block_classes = array( 'css' => 'styles', '__unstableType' => 'theme', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } /* * Add the custom CSS as a separate stylesheet so any invalid CSS * entered by users does not break other global styles. */ $global_styles[] = array( 'css' => wp_get_global_stylesheet( array( 'custom-css' ) ), '__unstableType' => 'user', 'isGlobalStyles' => true, ); } else { // If there is no `theme.json` file, ensure base layout styles are still available. $block_classes = array( 'css' => 'base-layout-styles', '__unstableType' => 'base-layout', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } } $editor_settings['styles'] = array_merge( $global_styles, get_block_editor_theme_styles() ); $editor_settings['__experimentalFeatures'] = wp_get_global_settings(); // These settings may need to be updated based on data coming from theme.json sources. if ( isset( $editor_settings['__experimentalFeatures']['color']['palette'] ) ) { $colors_by_origin = $editor_settings['__experimentalFeatures']['color']['palette']; $editor_settings['colors'] = isset( $colors_by_origin['custom'] ) ? $colors_by_origin['custom'] : ( isset( $colors_by_origin['theme'] ) ? $colors_by_origin['theme'] : $colors_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['gradients'] ) ) { $gradients_by_origin = $editor_settings['__experimentalFeatures']['color']['gradients']; $editor_settings['gradients'] = isset( $gradients_by_origin['custom'] ) ? $gradients_by_origin['custom'] : ( isset( $gradients_by_origin['theme'] ) ? $gradients_by_origin['theme'] : $gradients_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['fontSizes'] ) ) { $font_sizes_by_origin = $editor_settings['__experimentalFeatures']['typography']['fontSizes']; $editor_settings['fontSizes'] = isset( $font_sizes_by_origin['custom'] ) ? $font_sizes_by_origin['custom'] : ( isset( $font_sizes_by_origin['theme'] ) ? $font_sizes_by_origin['theme'] : $font_sizes_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['custom'] ) ) { $editor_settings['disableCustomColors'] = ! $editor_settings['__experimentalFeatures']['color']['custom']; unset( $editor_settings['__experimentalFeatures']['color']['custom'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ) ) { $editor_settings['disableCustomGradients'] = ! $editor_settings['__experimentalFeatures']['color']['customGradient']; unset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ) ) { $editor_settings['disableCustomFontSizes'] = ! $editor_settings['__experimentalFeatures']['typography']['customFontSize']; unset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ) ) { $editor_settings['enableCustomLineHeight'] = $editor_settings['__experimentalFeatures']['typography']['lineHeight']; unset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['units'] ) ) { $editor_settings['enableCustomUnits'] = $editor_settings['__experimentalFeatures']['spacing']['units']; unset( $editor_settings['__experimentalFeatures']['spacing']['units'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ) ) { $editor_settings['enableCustomSpacing'] = $editor_settings['__experimentalFeatures']['spacing']['padding']; unset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ) ) { $editor_settings['disableCustomSpacingSizes'] = ! $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize']; unset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['spacingSizes'] ) ) { $spacing_sizes_by_origin = $editor_settings['__experimentalFeatures']['spacing']['spacingSizes']; $editor_settings['spacingSizes'] = isset( $spacing_sizes_by_origin['custom'] ) ? $spacing_sizes_by_origin['custom'] : ( isset( $spacing_sizes_by_origin['theme'] ) ? $spacing_sizes_by_origin['theme'] : $spacing_sizes_by_origin['default'] ); } $editor_settings['__unstableResolvedAssets'] = _wp_get_iframed_editor_assets(); $editor_settings['__unstableIsBlockBasedTheme'] = wp_is_block_theme(); $editor_settings['localAutosaveInterval'] = 15; $editor_settings['disableLayoutStyles'] = current_theme_supports( 'disable-layout-styles' ); $editor_settings['__experimentalDiscussionSettings'] = array( 'commentOrder' => get_option( 'comment_order' ), 'commentsPerPage' => get_option( 'comments_per_page' ), 'defaultCommentsPage' => get_option( 'default_comments_page' ), 'pageComments' => get_option( 'page_comments' ), 'threadComments' => get_option( 'thread_comments' ), 'threadCommentsDepth' => get_option( 'thread_comments_depth' ), 'defaultCommentStatus' => get_option( 'default_comment_status' ), 'avatarURL' => get_avatar_url( '', array( 'size' => 96, 'force_default' => true, 'default' => get_option( 'avatar_default' ), ) ), ); $post_content_block_attributes = wp_get_post_content_block_attributes(); if ( isset( $post_content_block_attributes ) ) { $editor_settings['postContentAttributes'] = $post_content_block_attributes; } $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context ); /** * Filters the settings to pass to the block editor for all editor type. * * @since 5.8.0 * * @param array $editor_settings Default editor settings. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $editor_settings = apply_filters( 'block_editor_settings_all', $editor_settings, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the settings to pass to the block editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_settings_all'} filter instead. * * @param array $editor_settings Default editor settings. * @param WP_Post $post Post being edited. */ $editor_settings = apply_filters_deprecated( 'block_editor_settings', array( $editor_settings, $post ), '5.8.0', 'block_editor_settings_all' ); } return $editor_settings; } /** * Preloads common data used with the block editor by specifying an array of * REST API paths that will be preloaded for a given block editor context. * * @since 5.8.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param (string|string[])[] $preload_paths List of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ function block_editor_rest_api_preload( array $preload_paths, $block_editor_context ) { global $post, $wp_scripts, $wp_styles; /** * Filters the array of REST API paths that will be used to preloaded common data for the block editor. * * @since 5.8.0 * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $preload_paths = apply_filters( 'block_editor_rest_api_preload_paths', $preload_paths, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $selected_post = $block_editor_context->post; /** * Filters the array of paths that will be preloaded. * * Preload common data by specifying an array of REST API paths that will be preloaded. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_rest_api_preload_paths'} filter instead. * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Post $selected_post Post being edited. */ $preload_paths = apply_filters_deprecated( 'block_editor_preload_paths', array( $preload_paths, $selected_post ), '5.8.0', 'block_editor_rest_api_preload_paths' ); } if ( empty( $preload_paths ) ) { return; } /* * Ensure the global $post, $wp_scripts, and $wp_styles remain the same after * API data is preloaded. * Because API preloading can call the_content and other filters, plugins * can unexpectedly modify the global $post or enqueue assets which are not * intended for the block editor. */ $backup_global_post = ! empty( $post ) ? clone $post : $post; $backup_wp_scripts = ! empty( $wp_scripts ) ? clone $wp_scripts : $wp_scripts; $backup_wp_styles = ! empty( $wp_styles ) ? clone $wp_styles : $wp_styles; foreach ( $preload_paths as &$path ) { if ( is_string( $path ) && ! str_starts_with( $path, '/' ) ) { $path = '/' . $path; continue; } if ( is_array( $path ) && is_string( $path[0] ) && ! str_starts_with( $path[0], '/' ) ) { $path[0] = '/' . $path[0]; } } unset( $path ); $preload_data = array_reduce( $preload_paths, 'rest_preload_api_request', array() ); // Restore the global $post, $wp_scripts, and $wp_styles as they were before API preloading. $post = $backup_global_post; $wp_scripts = $backup_wp_scripts; $wp_styles = $backup_wp_styles; wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Creates an array of theme styles to load into the block editor. * * @since 5.8.0 * * @global array $editor_styles * * @return array An array of theme styles for the block editor. */ function get_block_editor_theme_styles() { global $editor_styles; $styles = array(); if ( $editor_styles && current_theme_supports( 'editor-styles' ) ) { foreach ( $editor_styles as $style ) { if ( preg_match( '~^(https?:)?//~', $style ) ) { $response = wp_remote_get( $style ); if ( ! is_wp_error( $response ) ) { $styles[] = array( 'css' => wp_remote_retrieve_body( $response ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } else { $file = get_theme_file_path( $style ); if ( is_file( $file ) ) { $styles[] = array( 'css' => file_get_contents( $file ), 'baseURL' => get_theme_file_uri( $style ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } } } return $styles; } /** * Returns the classic theme supports settings for block editor. * * @since 6.2.0 * @since 6.6.0 Add support for 'editor-spacing-sizes' theme support. * * @return array The classic theme supports settings. */ function get_classic_theme_supports_block_editor_settings() { $theme_settings = array( 'disableCustomColors' => get_theme_support( 'disable-custom-colors' ), 'disableCustomFontSizes' => get_theme_support( 'disable-custom-font-sizes' ), 'disableCustomGradients' => get_theme_support( 'disable-custom-gradients' ), 'disableLayoutStyles' => get_theme_support( 'disable-layout-styles' ), 'enableCustomLineHeight' => get_theme_support( 'custom-line-height' ), 'enableCustomSpacing' => get_theme_support( 'custom-spacing' ), 'enableCustomUnits' => get_theme_support( 'custom-units' ), ); // Theme settings. $color_palette = current( (array) get_theme_support( 'editor-color-palette' ) ); if ( false !== $color_palette ) { $theme_settings['colors'] = $color_palette; } $font_sizes = current( (array) get_theme_support( 'editor-font-sizes' ) ); if ( false !== $font_sizes ) { $theme_settings['fontSizes'] = $font_sizes; } $gradient_presets = current( (array) get_theme_support( 'editor-gradient-presets' ) ); if ( false !== $gradient_presets ) { $theme_settings['gradients'] = $gradient_presets; } $spacing_sizes = current( (array) get_theme_support( 'editor-spacing-sizes' ) ); if ( false !== $spacing_sizes ) { $theme_settings['spacingSizes'] = $spacing_sizes; } return $theme_settings; } /** * Initialize site preview. * * This function sets IFRAME_REQUEST to true if the site preview parameter is set. * * @since 6.8.0 */ function wp_initialize_site_preview_hooks() { if ( ! defined( 'IFRAME_REQUEST' ) && isset( $_GET['wp_site_preview'] ) && 1 === (int) $_GET['wp_site_preview'] && current_user_can( 'edit_theme_options' ) ) { define( 'IFRAME_REQUEST', true ); } } HTTP/https-migration-20260605205851.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-oembed-controller-20260605071022.php 0000666 00000015371 15226703613 0014575 0 ustar 00 <?php /** * WP_oEmbed_Controller class, used to provide an oEmbed endpoint. * * @package WordPress * @subpackage Embeds * @since 4.4.0 */ /** * oEmbed API endpoint controller. * * Registers the REST API route and delivers the response data. * The output format (XML or JSON) is handled by the REST API. * * @since 4.4.0 */ #[AllowDynamicProperties] final class WP_oEmbed_Controller { /** * Register the oEmbed REST API route. * * @since 4.4.0 */ public function register_routes() { /** * Filters the maxwidth oEmbed parameter. * * @since 4.4.0 * * @param int $maxwidth Maximum allowed width. Default 600. */ $maxwidth = apply_filters( 'oembed_default_width', 600 ); register_rest_route( 'oembed/1.0', '/embed', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => '__return_true', 'args' => array( 'url' => array( 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), 'required' => true, 'type' => 'string', 'format' => 'uri', ), 'format' => array( 'default' => 'json', 'sanitize_callback' => 'wp_oembed_ensure_format', ), 'maxwidth' => array( 'default' => $maxwidth, 'sanitize_callback' => 'absint', ), ), ), ) ); register_rest_route( 'oembed/1.0', '/proxy', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_proxy_item' ), 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ), 'args' => array( 'url' => array( 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), 'required' => true, 'type' => 'string', 'format' => 'uri', ), 'format' => array( 'description' => __( 'The oEmbed format to use.' ), 'type' => 'string', 'default' => 'json', 'enum' => array( 'json', 'xml', ), ), 'maxwidth' => array( 'description' => __( 'The maximum width of the embed frame in pixels.' ), 'type' => 'integer', 'default' => $maxwidth, 'sanitize_callback' => 'absint', ), 'maxheight' => array( 'description' => __( 'The maximum height of the embed frame in pixels.' ), 'type' => 'integer', 'sanitize_callback' => 'absint', ), 'discover' => array( 'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ), 'type' => 'boolean', 'default' => true, ), ), ), ) ); } /** * Callback for the embed API endpoint. * * Returns the JSON object for the post. * * @since 4.4.0 * * @param WP_REST_Request $request Full data about the request. * @return array|WP_Error oEmbed response data or WP_Error on failure. */ public function get_item( $request ) { $post_id = url_to_postid( $request['url'] ); /** * Filters the determined post ID. * * @since 4.4.0 * * @param int $post_id The post ID. * @param string $url The requested URL. */ $post_id = apply_filters( 'oembed_request_post_id', $post_id, $request['url'] ); $data = get_oembed_response_data( $post_id, $request['maxwidth'] ); if ( ! $data ) { return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); } return $data; } /** * Checks if current user can make a proxy oEmbed request. * * @since 4.8.0 * * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_proxy_item_permissions_check() { if ( ! current_user_can( 'edit_posts' ) ) { return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Callback for the proxy API endpoint. * * Returns the JSON object for the proxied item. * * @since 4.8.0 * * @see WP_oEmbed::get_html() * @global WP_Embed $wp_embed WordPress Embed object. * @global WP_Scripts $wp_scripts * * @param WP_REST_Request $request Full data about the request. * @return object|WP_Error oEmbed response data or WP_Error on failure. */ public function get_proxy_item( $request ) { global $wp_embed, $wp_scripts; $args = $request->get_params(); // Serve oEmbed data from cache if set. unset( $args['_wpnonce'] ); $cache_key = 'oembed_' . md5( serialize( $args ) ); $data = get_transient( $cache_key ); if ( ! empty( $data ) ) { return $data; } $url = $request['url']; unset( $args['url'] ); // Copy maxwidth/maxheight to width/height since WP_oEmbed::fetch() uses these arg names. if ( isset( $args['maxwidth'] ) ) { $args['width'] = $args['maxwidth']; } if ( isset( $args['maxheight'] ) ) { $args['height'] = $args['maxheight']; } // Short-circuit process for URLs belonging to the current site. $data = get_oembed_response_data_for_url( $url, $args ); if ( $data ) { return $data; } $data = _wp_oembed_get_object()->get_data( $url, $args ); if ( false === $data ) { // Try using a classic embed, instead. /* @var WP_Embed $wp_embed */ $html = $wp_embed->get_embed_handler_html( $args, $url ); if ( $html ) { // Check if any scripts were enqueued by the shortcode, and include them in the response. $enqueued_scripts = array(); foreach ( $wp_scripts->queue as $script ) { $enqueued_scripts[] = $wp_scripts->registered[ $script ]->src; } return (object) array( 'provider_name' => __( 'Embed Handler' ), 'html' => $html, 'scripts' => $enqueued_scripts, ); } return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); } /** This filter is documented in wp-includes/class-wp-oembed.php */ $data->html = apply_filters( 'oembed_result', _wp_oembed_get_object()->data2html( (object) $data, $url ), $url, $args ); /** * Filters the oEmbed TTL value (time to live). * * Similar to the {@see 'oembed_ttl'} filter, but for the REST API * oEmbed proxy endpoint. * * @since 4.8.0 * * @param int $time Time to live (in seconds). * @param string $url The attempted embed URL. * @param array $args An array of embed request arguments. */ $ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args ); set_transient( $cache_key, $data, $ttl ); return $data; } } HTTP/ClientException-20260605030743.php 0000666 00000000515 15226703613 0012526 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/plugin-20260605042012.php 0000666 00000107225 15226703613 0010725 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/https-migration-20260606094733.php 0000666 00000011205 15226703613 0012572 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260608120112-20260610134511.php 0000666 00000011205 15226703613 0014126 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-scripts-20260610081427.php 0000666 00000104060 15226703613 0012650 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Core class used to register scripts. * * @since 2.1.0 * * @see WP_Dependencies */ class WP_Scripts extends WP_Dependencies { /** * Base URL for scripts. * * Full URL with trailing slash. * * @since 2.6.0 * @var string */ public $base_url; /** * URL of the content directory. * * @since 2.8.0 * @var string */ public $content_url; /** * Default version string for scripts. * * @since 2.6.0 * @var string */ public $default_version; /** * Holds handles of scripts which are enqueued in footer. * * @since 2.8.0 * @var array */ public $in_footer = array(); /** * Holds a list of script handles which will be concatenated. * * @since 2.8.0 * @var string */ public $concat = ''; /** * Holds a string which contains script handles and their version. * * @since 2.8.0 * @deprecated 3.4.0 * @var string */ public $concat_version = ''; /** * Whether to perform concatenation. * * @since 2.8.0 * @var bool */ public $do_concat = false; /** * Holds HTML markup of scripts and additional data if concatenation * is enabled. * * @since 2.8.0 * @var string */ public $print_html = ''; /** * Holds inline code if concatenation is enabled. * * @since 2.8.0 * @var string */ public $print_code = ''; /** * Holds a list of script handles which are not in the default directory * if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_handles = ''; /** * Holds a string which contains handles and versions of scripts which * are not in the default directory if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_version = ''; /** * List of default directories. * * @since 2.8.0 * @var array */ public $default_dirs; /** * Holds a mapping of dependents (as handles) for a given script handle. * Used to optimize recursive dependency tree checks. * * @since 6.3.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds a reference to the delayed (non-blocking) script loading strategies. * Used by methods that validate loading strategies. * * @since 6.3.0 * @var string[] */ private $delayed_strategies = array( 'defer', 'async' ); /** * Constructor. * * @since 2.6.0 */ public function __construct() { $this->init(); add_action( 'init', array( $this, 'init' ), 0 ); } /** * Initialize the class. * * @since 3.4.0 */ public function init() { /** * Fires when the WP_Scripts instance is initialized. * * @since 2.6.0 * * @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference). */ do_action_ref_array( 'wp_default_scripts', array( &$this ) ); } /** * Prints scripts. * * Prints the scripts passed to it or the print queue. Also prints all necessary dependencies. * * @since 2.1.0 * @since 2.8.0 Added the `$group` parameter. * * @param string|string[]|false $handles Optional. Scripts to be printed: queue (false), * single script (string), or multiple scripts (array of strings). * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return string[] Handles of scripts that have been printed. */ public function print_scripts( $handles = false, $group = false ) { return $this->do_items( $handles, $group ); } /** * Prints extra scripts of a registered script. * * @since 2.1.0 * @since 2.8.0 Added the `$display` parameter. * @deprecated 3.3.0 * * @see print_extra_script() * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_scripts_l10n( $handle, $display = true ) { _deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' ); return $this->print_extra_script( $handle, $display ); } /** * Prints extra scripts of a registered script. * * @since 3.3.0 * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_extra_script( $handle, $display = true ) { $output = $this->get_data( $handle, 'data' ); if ( ! $output ) { return; } /* * Do not print a sourceURL comment if concatenation is enabled. * * Extra scripts may be concatenated into a single script. * The line-based sourceURL comments may break concatenated scripts * and do not make sense when multiple scripts are joined together. */ if ( ! $this->do_concat ) { $output .= sprintf( "\n//# sourceURL=%s", rawurlencode( "{$handle}-js-extra" ) ); } if ( ! $display ) { return $output; } wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) ); return true; } /** * Checks whether all dependents of a given handle are in the footer. * * If there are no dependents, this is considered the same as if all dependents were in the footer. * * @since 6.4.0 * * @param string $handle Script handle. * @return bool Whether all dependents are in the footer. */ private function are_all_dependents_in_footer( $handle ) { foreach ( $this->get_dependents( $handle ) as $dep ) { if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) { return false; } } return true; } /** * Processes a script dependency. * * @since 2.6.0 * @since 2.8.0 Added the `$group` parameter. * * @see WP_Dependencies::do_item() * * @param string $handle The script's registered handle. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function do_item( $handle, $group = false ) { if ( ! parent::do_item( $handle ) ) { return false; } if ( 0 === $group && $this->groups[ $handle ] > 0 ) { $this->in_footer[] = $handle; return false; } if ( false === $group && in_array( $handle, $this->in_footer, true ) ) { $this->in_footer = array_diff( $this->in_footer, (array) $handle ); } $obj = $this->registered[ $handle ]; if ( $obj->extra['conditional'] ?? false ) { return false; } if ( null === $obj->ver ) { $ver = ''; } else { $ver = $obj->ver ? $obj->ver : $this->default_version; } if ( isset( $this->args[ $handle ] ) ) { $ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ]; } $src = $obj->src; $strategy = $this->get_eligible_loading_strategy( $handle ); $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); if ( ! $this->is_delayed_strategy( $intended_strategy ) ) { $intended_strategy = ''; } /* * Move this script to the footer if: * 1. The script is in the header group. * 2. The current output is the header. * 3. The intended strategy is delayed. * 4. The actual strategy is not delayed. * 5. All dependent scripts are in the footer. */ if ( 0 === $group && 0 === $this->groups[ $handle ] && $intended_strategy && ! $this->is_delayed_strategy( $strategy ) && $this->are_all_dependents_in_footer( $handle ) ) { $this->in_footer[] = $handle; return false; } $before_script = $this->get_inline_script_tag( $handle, 'before' ); $after_script = $this->get_inline_script_tag( $handle, 'after' ); if ( $before_script || $after_script ) { $inline_script_tag = $before_script . $after_script; } else { $inline_script_tag = ''; } /* * Prevent concatenation of scripts if the text domain is defined * to ensure the dependency order is respected. */ $translations_stop_concat = ! empty( $obj->textdomain ); $translations = $this->print_translations( $handle, false ); if ( $translations ) { /* * The sourceURL comment is not included by WP_Scripts::print_translations() * when `$display` is `false` to prevent issues where the script tag contents are used * by extenders for other purposes, for example concatenated with other script content. * * Include the sourceURL comment here as it would be when printed directly. */ $source_url = rawurlencode( "{$handle}-js-translations" ); $translations .= "\n//# sourceURL={$source_url}"; $translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) ); } if ( $this->do_concat ) { /** * Filters the script loader source. * * @since 2.2.0 * * @param string $src Script loader source path. * @param string $handle Script handle. */ $filtered_src = apply_filters( 'script_loader_src', $src, $handle ); if ( $this->in_default_dir( $filtered_src ) && ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) ) ) { $this->do_concat = false; // Have to print the so-far concatenated scripts right away to maintain the right order. _print_scripts(); $this->reset(); } elseif ( $this->in_default_dir( $filtered_src ) ) { $this->print_code .= $this->print_extra_script( $handle, false ); $this->concat .= "$handle,"; $this->concat_version .= "$handle$ver"; return true; } else { $this->ext_handles .= "$handle,"; $this->ext_version .= "$handle$ver"; } } $this->print_extra_script( $handle ); // A single item may alias a set of items, by having dependencies, but no source. if ( ! $src ) { if ( $inline_script_tag ) { if ( $this->do_concat ) { $this->print_html .= $inline_script_tag; } else { echo $inline_script_tag; } } return true; } if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) { $src = $this->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { return true; } $attr = array( 'src' => $src, 'id' => "{$handle}-js", ); if ( $strategy ) { $attr[ $strategy ] = true; } if ( $intended_strategy ) { $attr['data-wp-strategy'] = $intended_strategy; } // Determine fetchpriority. $original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null; if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) { $original_fetchpriority = 'auto'; } $actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle ); if ( null === $actual_fetchpriority ) { // If null, it's likely this script was not explicitly enqueued, so in this case use the original priority. $actual_fetchpriority = $original_fetchpriority; } if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) { $attr['fetchpriority'] = $actual_fetchpriority; } if ( $original_fetchpriority !== $actual_fetchpriority ) { $attr['data-wp-fetchpriority'] = $original_fetchpriority; } $tag = $translations . $before_script; $tag .= wp_get_script_tag( $attr ); $tag .= $after_script; /** * Filters the HTML script tag of an enqueued script. * * @since 4.1.0 * * @param string $tag The `<script>` tag for the enqueued script. * @param string $handle The script's registered handle. * @param string $src The script's source URL. */ $tag = apply_filters( 'script_loader_tag', $tag, $handle, $src ); if ( $this->do_concat ) { $this->print_html .= $tag; } else { echo $tag; } return true; } /** * Adds extra code to a registered script. * * @since 4.5.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return bool True on success, false on failure. */ public function add_inline_script( $handle, $data, $position = 'after' ) { if ( ! $data ) { return false; } if ( 'after' !== $position ) { $position = 'before'; } $script = (array) $this->get_data( $handle, $position ); $script[] = $data; return $this->add_data( $handle, $position, $script ); } /** * Prints inline scripts registered for a specific handle. * * @since 4.5.0 * @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead. * * @param string $handle Name of the script to print inline scripts for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @param bool $display Optional. Whether to print the script tag * instead of just returning the script data. Default true. * @return string|false Script data on success, false otherwise. */ public function print_inline_script( $handle, $position = 'after', $display = true ) { _deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' ); $output = $this->get_inline_script_data( $handle, $position ); if ( empty( $output ) ) { return false; } if ( $display ) { echo $this->get_inline_script_tag( $handle, $position ); } return $output; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_data( $handle, $position = 'after' ) { $data = $this->get_data( $handle, $position ); if ( empty( $data ) || ! is_array( $data ) ) { return ''; } /* * Print sourceURL comment regardless of concatenation. * * Inline scripts prevent scripts from being concatenated, so * sourceURL comments are safe to print for inline scripts. */ $data[] = sprintf( '//# sourceURL=%s', rawurlencode( "{$handle}-js-{$position}" ) ); return trim( implode( "\n", $data ), "\n" ); } /** * Gets tags for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get associated inline script tag for. * Must be lowercase. * @param string $position Optional. Whether to get tag for inline * scripts in the before or after position. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_tag( $handle, $position = 'after' ) { $js = $this->get_inline_script_data( $handle, $position ); if ( empty( $js ) ) { return ''; } $id = "{$handle}-js-{$position}"; return wp_get_inline_script_tag( $js, compact( 'id' ) ); } /** * Localizes a script, only if the script has already been added. * * @since 2.1.0 * * @param string $handle Name of the script to attach data to. * @param string $object_name Name of the variable that will contain the data. * @param array $l10n Array of data to localize. * @return bool True on success, false on failure. */ public function localize( $handle, $object_name, $l10n ) { if ( 'jquery' === $handle ) { $handle = 'jquery-core'; } if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present. $after = $l10n['l10n_print_after']; unset( $l10n['l10n_print_after'] ); } if ( ! is_array( $l10n ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $l10n, 2: wp_add_inline_script() */ __( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ), '<code>$l10n</code>', '<code>wp_add_inline_script()</code>' ), '5.7.0' ); if ( false === $l10n ) { // This should really not be needed, but is necessary for backward compatibility. $l10n = array( $l10n ); } } if ( is_string( $l10n ) ) { $l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' ); } elseif ( is_array( $l10n ) ) { foreach ( $l10n as $key => $value ) { if ( ! is_scalar( $value ) ) { continue; } $l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' ); } } $script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';'; if ( ! empty( $after ) ) { $script .= "\n$after;"; } $data = $this->get_data( $handle, 'data' ); if ( ! empty( $data ) ) { $script = "$data\n$script"; } return $this->add_data( $handle, 'data', $script ); } /** * Sets handle group. * * @since 2.8.0 * * @see WP_Dependencies::set_group() * * @param string $handle Name of the item. Should be unique. * @param bool $recursion Internal flag that calling function was called recursively. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool Not already in the group or a lower group. */ public function set_group( $handle, $recursion, $group = false ) { if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) { $calculated_group = 1; } else { $calculated_group = (int) $this->get_data( $handle, 'group' ); } if ( false !== $group && $calculated_group > $group ) { $calculated_group = $group; } return parent::set_group( $handle, $recursion, $calculated_group ); } /** * Sets a translation textdomain. * * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @param string $handle Name of the script to register a translation domain to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was registered, false if not. */ public function set_translations( $handle, $domain = 'default', $path = '' ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } /** @var \_WP_Dependency $obj */ $obj = $this->registered[ $handle ]; if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) { $obj->deps[] = 'wp-i18n'; } return $obj->set_translations( $domain, $path ); } /** * Prints translations set for a specific handle. * * @since 5.0.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param bool $display Optional. Whether to print the script * instead of just returning it. Default true. * @return string|false Script on success, false otherwise. */ public function print_translations( $handle, $display = true ) { if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) { return false; } $domain = $this->registered[ $handle ]->textdomain; $path = ''; if ( isset( $this->registered[ $handle ]->translations_path ) ) { $path = $this->registered[ $handle ]->translations_path; } $json_translations = load_script_textdomain( $handle, $domain, $path ); if ( ! $json_translations ) { return false; } $output = <<<JS ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "{$domain}", {$json_translations} ); JS; if ( $display ) { $source_url = rawurlencode( "{$handle}-js-translations" ); $output .= "\n//# sourceURL={$source_url}"; wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) ); } return $output; } /** * Determines script dependencies. * * @since 2.1.0 * * @see WP_Dependencies::all_deps() * * @param string|string[] $handles Item handle (string) or item handles (array of strings). * @param bool $recursion Optional. Internal flag that function is calling itself. * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function all_deps( $handles, $recursion = false, $group = false ) { $result = parent::all_deps( $handles, $recursion, $group ); if ( ! $recursion ) { /** * Filters the list of script dependencies left to print. * * @since 2.3.0 * * @param string[] $to_do An array of script dependency handles. */ $this->to_do = apply_filters( 'print_scripts_array', $this->to_do ); } return $result; } /** * Processes items and dependencies for the head group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_head_items() { $this->do_items( false, 0 ); return $this->done; } /** * Processes items and dependencies for the footer group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_footer_items() { $this->do_items( false, 1 ); return $this->done; } /** * Whether a handle's source is in a default directory. * * @since 2.8.0 * * @param string $src The source of the enqueued script. * @return bool True if found, false if not. */ public function in_default_dir( $src ) { if ( ! $this->default_dirs ) { return true; } if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) { return false; } foreach ( (array) $this->default_dirs as $test ) { if ( str_starts_with( $src, $test ) ) { return true; } } return false; } /** * This overrides the add_data method from WP_Dependencies, to support normalizing of $args. * * @since 6.3.0 * * @param string $handle Name of the item. Should be unique. * @param string $key The data key. * @param mixed $value The data value. * @return bool True on success, false on failure. */ public function add_data( $handle, $key, $value ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } if ( 'conditional' === $key ) { // If a dependency is declared by a conditional script, remove it. $this->registered[ $handle ]->deps = array(); } if ( 'strategy' === $key ) { if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ), $value, $handle ), '6.3.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), $value, $handle ), '6.3.0' ); return false; } } elseif ( 'fetchpriority' === $key ) { if ( empty( $value ) ) { $value = 'auto'; } if ( ! $this->is_valid_fetchpriority( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } } return parent::add_data( $handle, $key, $value ); } /** * Gets all dependents of a script. * * This is not recursive. * * @since 6.3.0 * * @param string $handle The script handle. * @return string[] Script handles. */ private function get_dependents( $handle ) { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $handle ] ) ) { return $this->dependents_map[ $handle ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_handle => $args ) { if ( in_array( $handle, $args->deps, true ) ) { $dependents[] = $registered_handle; } } // Add the handles dependents to the map to ease future lookups. $this->dependents_map[ $handle ] = $dependents; return $dependents; } /** * Checks if the strategy passed is a valid delayed (non-blocking) strategy. * * @since 6.3.0 * * @param string|mixed $strategy The strategy to check. * @return bool True if $strategy is one of the delayed strategies, otherwise false. */ private function is_delayed_strategy( $strategy ): bool { return in_array( $strategy, $this->delayed_strategies, true ); } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, array( 'auto', 'low', 'high' ), true ); } /** * Gets the best eligible loading strategy for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @return string The best eligible loading strategy. */ private function get_eligible_loading_strategy( $handle ) { $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); // Bail early if there is no intended strategy. if ( ! $intended_strategy ) { return ''; } /* * If the intended strategy is 'defer', limit the initial list of eligible * strategies, since 'async' can fallback to 'defer', but not vice-versa. */ $initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null; $eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy ); // Return early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return ''; } return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer'; } /** * Filter the list of eligible loading strategies for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists. * @return string[] A list of eligible loading strategies that could be used. */ private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If no strategies are being passed, all strategies are eligible. if ( null === $eligible_strategies ) { $eligible_strategies = $this->delayed_strategies; } // If this handle was already checked, return early. if ( isset( $checked[ $handle ] ) ) { return $eligible_strategies; } // Mark this handle as checked. $checked[ $handle ] = true; // If this handle isn't registered, don't filter anything and return. if ( ! isset( $this->registered[ $handle ] ) ) { return $eligible_strategies; } // If the handle is not enqueued, don't filter anything and return. if ( ! $this->query( $handle, 'enqueued' ) ) { return $eligible_strategies; } $is_alias = (bool) ! $this->registered[ $handle ]->src; $intended_strategy = $this->get_data( $handle, 'strategy' ); // For non-alias handles, an empty intended strategy filters all strategies. if ( ! $is_alias && empty( $intended_strategy ) ) { return array(); } // Handles with inline scripts attached in the 'after' position cannot be delayed. if ( $this->has_inline_script( $handle, 'after' ) ) { return array(); } // If the intended strategy is 'defer', filter out 'async'. if ( 'defer' === $intended_strategy ) { $eligible_strategies = array( 'defer' ); } $dependents = $this->get_dependents( $handle ); // Recursively filter eligible strategies for dependents. foreach ( $dependents as $dependent ) { // Bail early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return array(); } $eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results ); } $stored_results[ $handle ] = $eligible_strategies; return $eligible_strategies; } /** * Gets the highest fetch priority for a given script and all of its dependent scripts. * * @since 6.9.0 * @see self::filter_eligible_strategies() * @see WP_Script_Modules::get_highest_fetchpriority() * * @param string $handle Script module ID. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists. * @return string|null Highest fetch priority for the script and its dependents. */ private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If there is a recursive dependency, return early. if ( isset( $checked[ $handle ] ) ) { return null; } // Mark this handle as checked to guard against infinite recursion. $checked[ $handle ] = true; // Abort if the script is not enqueued or a dependency of an enqueued script. if ( ! $this->query( $handle, 'enqueued' ) ) { return null; } $fetchpriority = $this->get_data( $handle, 'fetchpriority' ); if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) { $fetchpriority = 'auto'; } static $priorities = array( 'low', 'auto', 'high', ); $high_priority_index = count( $priorities ) - 1; $highest_priority_index = (int) array_search( $fetchpriority, $priorities, true ); if ( $highest_priority_index !== $high_priority_index ) { foreach ( $this->get_dependents( $handle ) as $dependent_handle ) { $dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results ); if ( is_string( $dependent_priority ) ) { $highest_priority_index = max( $highest_priority_index, (int) array_search( $dependent_priority, $priorities, true ) ); if ( $highest_priority_index === $high_priority_index ) { break; } } } } $stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.) return $priorities[ $highest_priority_index ]; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. Must be lowercase. * @param string $position The position of the inline script. * @return bool Whether the handle has an inline script (either before or after). */ private function has_inline_script( $handle, $position = null ) { if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) { return (bool) $this->get_data( $handle, $position ); } return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) ); } /** * Resets class properties. * * @since 2.8.0 */ public function reset() { $this->do_concat = false; $this->print_code = ''; $this->concat = ''; $this->concat_version = ''; $this->print_html = ''; $this->ext_version = ''; $this->ext_handles = ''; } /** * Gets a script-specific dependency warning message. * * @since 6.9.1 * * @param string $handle Script handle with missing dependencies. * @param string[] $missing_dependency_handles Missing dependency handles. * @return string Formatted, localized warning message. */ protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) { return sprintf( /* translators: 1: Script handle, 2: List of missing dependency handles. */ __( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $handle, implode( wp_get_list_item_separator(), $missing_dependency_handles ) ); } } HTTP/class-wp-block-parser-20260605060331.php 0000666 00000026374 15226703613 0013553 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser * * Parses a document and constructs a list of parsed block objects * * @since 5.0.0 * @since 4.0.0 returns arrays not objects, all attributes are arrays */ class WP_Block_Parser { /** * Input document being parsed * * @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->" * * @since 5.0.0 * @var string */ public $document; /** * Tracks parsing progress through document * * @since 5.0.0 * @var int */ public $offset; /** * List of parsed blocks * * @since 5.0.0 * @var array[] */ public $output; /** * Stack of partially-parsed structures in memory during parse * * @since 5.0.0 * @var WP_Block_Parser_Frame[] */ public $stack; /** * Parses a document and returns a list of block structures * * When encountering an invalid parse will return a best-effort * parse. In contrast to the specification parser this does not * return an error on invalid inputs. * * @since 5.0.0 * * @param string $document Input document being parsed. * @return array[] */ public function parse( $document ) { $this->document = $document; $this->offset = 0; $this->output = array(); $this->stack = array(); while ( $this->proceed() ) { continue; } return $this->output; } /** * Processes the next token from the input document * and returns whether to proceed eating more tokens * * This is the "next step" function that essentially * takes a token as its input and decides what to do * with that token before descending deeper into a * nested block tree or continuing along the document * or breaking out of a level of nesting. * * @internal * @since 5.0.0 * @return bool */ public function proceed() { $next_token = $this->next_token(); list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token; $stack_depth = count( $this->stack ); // we may have some HTML soup before the next block. $leading_html_start = $start_offset > $this->offset ? $this->offset : null; switch ( $token_type ) { case 'no-more-tokens': // if not in a block then flush output. if ( 0 === $stack_depth ) { $this->add_freeform(); return false; } /* * Otherwise we have a problem * This is an error * * we have options * - treat it all as freeform text * - assume an implicit closer (easiest when not nesting) */ // for the easy case we'll assume an implicit closer. if ( 1 === $stack_depth ) { $this->add_block_from_stack(); return false; } /* * for the nested case where it's more difficult we'll * have to assume that multiple closers are missing * and so we'll collapse the whole stack piecewise */ while ( 0 < count( $this->stack ) ) { $this->add_block_from_stack(); } return false; case 'void-block': /* * easy case is if we stumbled upon a void block * in the top-level of the document */ if ( 0 === $stack_depth ) { if ( isset( $leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $leading_html_start, $start_offset - $leading_html_start ) ); } $this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ); $this->offset = $start_offset + $token_length; return true; } // otherwise we found an inner block. $this->add_inner_block( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length ); $this->offset = $start_offset + $token_length; return true; case 'block-opener': // track all newly-opened blocks on the stack. array_push( $this->stack, new WP_Block_Parser_Frame( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length, $start_offset + $token_length, $leading_html_start ) ); $this->offset = $start_offset + $token_length; return true; case 'block-closer': /* * if we're missing an opener we're in trouble * This is an error */ if ( 0 === $stack_depth ) { /* * we have options * - assume an implicit opener * - assume _this_ is the opener * - give up and close out the document */ $this->add_freeform(); return false; } // if we're not nesting then this is easy - close the block. if ( 1 === $stack_depth ) { $this->add_block_from_stack( $start_offset ); $this->offset = $start_offset + $token_length; return true; } /* * otherwise we're nested and we have to close out the current * block and add it as a new innerBlock to the parent */ $stack_top = array_pop( $this->stack ); $html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset ); $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; $stack_top->prev_offset = $start_offset + $token_length; $this->add_inner_block( $stack_top->block, $stack_top->token_start, $stack_top->token_length, $start_offset + $token_length ); $this->offset = $start_offset + $token_length; return true; default: // This is an error. $this->add_freeform(); return false; } } /** * Scans the document from where we last left off * and finds the next valid token to parse if it exists * * Returns the type of the find: kind of find, block information, attributes * * @internal * @since 5.0.0 * @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments * @return array */ public function next_token() { $matches = null; /* * aye the magic * we're using a single RegExp to tokenize the block comment delimiters * we're also using a trick here because the only difference between a * block opener and a block closer is the leading `/` before `wp:` (and * a closer has no attributes). we can trap them both and process the * match back in PHP to see which one it was. */ $has_match = preg_match( '/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s', $this->document, $matches, PREG_OFFSET_CAPTURE, $this->offset ); // if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE. if ( false === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } // we have no more tokens. if ( 0 === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } list( $match, $started_at ) = $matches[0]; $length = strlen( $match ); $is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1]; $is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1]; $namespace = $matches['namespace']; $namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/'; $name = $namespace . $matches['name'][0]; $has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1]; /* * Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays * are associative arrays. If we use `array()` we get a JSON `[]` */ $attrs = $has_attrs ? json_decode( $matches['attrs'][0], /* as-associative */ true ) : array(); /* * This state isn't allowed * This is an error */ if ( $is_closer && ( $is_void || $has_attrs ) ) { // we can ignore them since they don't hurt anything. } if ( $is_void ) { return array( 'void-block', $name, $attrs, $started_at, $length ); } if ( $is_closer ) { return array( 'block-closer', $name, null, $started_at, $length ); } return array( 'block-opener', $name, $attrs, $started_at, $length ); } /** * Returns a new block object for freeform HTML * * @internal * @since 5.0.0 * * @param string $inner_html HTML content of block. * @return WP_Block_Parser_Block freeform block object. */ public function freeform( $inner_html ) { return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) ); } /** * Pushes a length of text from the input document * to the output list as a freeform block. * * @internal * @since 5.0.0 * @param null $length how many bytes of document text to output. */ public function add_freeform( $length = null ) { $length = $length ? $length : strlen( $this->document ) - $this->offset; if ( 0 === $length ) { return; } $this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) ); } /** * Given a block structure from memory pushes * a new block to the output list. * * @internal * @since 5.0.0 * @param WP_Block_Parser_Block $block The block to add to the output. * @param int $token_start Byte offset into the document where the first token for the block starts. * @param int $token_length Byte length of entire block from start of opening token to end of closing token. * @param int|null $last_offset Last byte offset into document if continuing form earlier output. */ public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) { $parent = $this->stack[ count( $this->stack ) - 1 ]; $parent->block->innerBlocks[] = (array) $block; $html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset ); if ( ! empty( $html ) ) { $parent->block->innerHTML .= $html; $parent->block->innerContent[] = $html; } $parent->block->innerContent[] = null; $parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length; } /** * Pushes the top block from the parsing stack to the output list. * * @internal * @since 5.0.0 * @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML. */ public function add_block_from_stack( $end_offset = null ) { $stack_top = array_pop( $this->stack ); $prev_offset = $stack_top->prev_offset; $html = isset( $end_offset ) ? substr( $this->document, $prev_offset, $end_offset - $prev_offset ) : substr( $this->document, $prev_offset ); if ( ! empty( $html ) ) { $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; } if ( isset( $stack_top->leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $stack_top->leading_html_start, $stack_top->token_start - $stack_top->leading_html_start ) ); } $this->output[] = (array) $stack_top->block; } } /** * WP_Block_Parser_Block class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-block.php'; /** * WP_Block_Parser_Frame class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-frame.php'; HTTP/https-migration-20260605195123-20260610040414.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605145459-20260607034408.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260607133407.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/RawTextResponse-20260605010751.php 0000666 00000004027 15226703613 0012545 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response for rax text * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class RawTextResponse implements Response { /** * @var string */ private $raw_text; /** * @var string */ private $permanent_url; /** * @var array<non-empty-array<string>> */ private $headers = []; /** * @var string */ private $requested_url; public function __construct(string $raw_text, string $filepath) { $this->raw_text = $raw_text; $this->permanent_url = $filepath; $this->requested_url = $filepath; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return 200; } public function get_headers(): array { return $this->headers; } public function has_header(string $name): bool { return isset($this->headers[strtolower($name)]); } public function get_header(string $name): array { return isset($this->headers[strtolower($name)]) ? $this->headers[$name] : []; } public function with_header(string $name, $value) { $new = clone $this; $newHeader = [ strtolower($name) => (array) $value, ]; $new->headers = $newHeader + $this->headers; return $new; } public function get_header_line(string $name): string { return isset($this->headers[strtolower($name)]) ? implode(", ", $this->headers[$name]) : ''; } public function get_body_content(): string { return $this->raw_text; } } HTTP/https-detection-20260605171920.php 0000666 00000013341 15226703613 0012553 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605201111-20260608001811.php 0000666 00000013341 15226703613 0014115 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260608190617-20260610152729.php 0000666 00000011205 15226703613 0014162 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605212351-20260609150223.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605183129.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606064319.php 0000666 00000011205 15226703613 0012567 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605090837.php 0000666 00000013341 15226703613 0012562 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605080452.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/script-loader-react-refresh-runtime-20260613082431.php 0000666 00000000124 15226703613 0016406 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2'); HTTP/cache-20260605074603.php 0000666 00000032256 15226703613 0010506 0 ustar 00 <?php /** * Object Cache API * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ /** WP_Object_Cache class */ require_once ABSPATH . WPINC . '/class-wp-object-cache.php'; /** * Sets up Object Cache Global and assigns it. * * @since 2.0.0 * * @global WP_Object_Cache $wp_object_cache */ function wp_cache_init() { $GLOBALS['wp_object_cache'] = new WP_Object_Cache(); } /** * Adds data to the cache, if the cache key doesn't already exist. * * @since 2.0.0 * * @see WP_Object_Cache::add() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The data to add to the cache. * @param string $group Optional. The group to add the cache to. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When the cache data should expire, in seconds. * Default 0 (no expiration). * @return bool True on success, false if cache key and group already exist. */ function wp_cache_add( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add( $key, $data, $group, (int) $expire ); } /** * Adds multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::add_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->add_multiple( $data, $group, (int) $expire ); } /** * Replaces the contents of the cache with new data. * * @since 2.0.0 * * @see WP_Object_Cache::replace() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache data that should be replaced. * @param mixed $data The new data to store in the cache. * @param string $group Optional. The group for the cache data that should be replaced. * Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True if contents were replaced, false if original value does not exist. */ function wp_cache_replace( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->replace( $key, $data, $group, (int) $expire ); } /** * Saves the data to the cache. * * Differs from wp_cache_add() and wp_cache_replace() in that it will always write data. * * @since 2.0.0 * * @see WP_Object_Cache::set() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to use for retrieval later. * @param mixed $data The contents to store in the cache. * @param string $group Optional. Where to group the cache contents. Enables the same key * to be used across groups. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set( $key, $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set( $key, $data, $group, (int) $expire ); } /** * Sets multiple values to the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::set_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { global $wp_object_cache; return $wp_object_cache->set_multiple( $data, $group, (int) $expire ); } /** * Retrieves the cache contents from the cache by key and group. * * @since 2.0.0 * * @see WP_Object_Cache::get() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @param bool|null $found Optional. Whether the key was found in the cache (passed by reference). * Disambiguates a return of false, a storable value. Default null. * @return mixed|false The cache contents on success, false on failure to retrieve contents. */ function wp_cache_get( $key, $group = '', $force = false, &$found = null ) { global $wp_object_cache; return $wp_object_cache->get( $key, $group, $force, $found ); } /** * Retrieves multiple values from the cache in one call. * * @since 5.5.0 * * @see WP_Object_Cache::get_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { global $wp_object_cache; return $wp_object_cache->get_multiple( $keys, $group, $force ); } /** * Removes the cache contents matching key and group. * * @since 2.0.0 * * @see WP_Object_Cache::delete() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key What the contents in the cache are called. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool True on successful removal, false on failure. */ function wp_cache_delete( $key, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete( $key, $group ); } /** * Deletes multiple values from the cache in one call. * * @since 6.0.0 * * @see WP_Object_Cache::delete_multiple() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { global $wp_object_cache; return $wp_object_cache->delete_multiple( $keys, $group ); } /** * Increments numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::incr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_incr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->incr( $key, $offset, $group ); } /** * Decrements numeric cache item's value. * * @since 3.3.0 * * @see WP_Object_Cache::decr() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int|string $key The cache key to decrement. * @param int $offset Optional. The amount by which to decrement the item's value. * Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return int|false The item's new value on success, false on failure. */ function wp_cache_decr( $key, $offset = 1, $group = '' ) { global $wp_object_cache; return $wp_object_cache->decr( $key, $offset, $group ); } /** * Removes all cache items. * * @since 2.0.0 * * @see WP_Object_Cache::flush() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @return bool True on success, false on failure. */ function wp_cache_flush() { global $wp_object_cache; return $wp_object_cache->flush(); } /** * Removes all cache items from the in-memory runtime cache. * * @since 6.0.0 * * @see WP_Object_Cache::flush() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { return wp_cache_flush(); } /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; return $wp_object_cache->flush_group( $group ); } /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { switch ( $feature ) { case 'add_multiple': case 'set_multiple': case 'get_multiple': case 'delete_multiple': case 'flush_runtime': case 'flush_group': return true; default: return false; } } /** * Closes the cache. * * This function has ceased to do anything since WordPress 2.5. The * functionality was removed along with the rest of the persistent cache. * * This does not mean that plugins can't implement this function when they need * to make sure that the cache is cleaned up after WordPress no longer needs it. * * @since 2.0.0 * * @return true Always returns true. */ function wp_cache_close() { return true; } /** * Adds a group or set of groups to the list of global groups. * * @since 2.6.0 * * @see WP_Object_Cache::add_global_groups() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_global_groups( $groups ) { global $wp_object_cache; $wp_object_cache->add_global_groups( $groups ); } /** * Adds a group or set of groups to the list of non-persistent groups. * * @since 2.6.0 * * @param string|string[] $groups A group or an array of groups to add. */ function wp_cache_add_non_persistent_groups( $groups ) { // Default cache doesn't persist so nothing to do here. } /** * Switches the internal blog ID. * * This changes the blog id used to create keys in blog specific groups. * * @since 3.5.0 * * @see WP_Object_Cache::switch_to_blog() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param int $blog_id Site ID. */ function wp_cache_switch_to_blog( $blog_id ) { global $wp_object_cache; $wp_object_cache->switch_to_blog( $blog_id ); } /** * Resets internal cache keys and structures. * * If the cache back end uses global blog or site IDs as part of its cache keys, * this function instructs the back end to reset those keys and perform any cleanup * since blog or site IDs have changed since cache init. * * This function is deprecated. Use wp_cache_switch_to_blog() instead of this * function when preparing the cache for a blog switch. For clearing the cache * during unit tests, consider using wp_cache_init(). wp_cache_init() is not * recommended outside of unit tests as the performance penalty for using it is high. * * @since 3.0.0 * @deprecated 3.5.0 Use wp_cache_switch_to_blog() * @see WP_Object_Cache::reset() * * @global WP_Object_Cache $wp_object_cache Object cache global instance. */ function wp_cache_reset() { _deprecated_function( __FUNCTION__, '3.5.0', 'wp_cache_switch_to_blog()' ); global $wp_object_cache; $wp_object_cache->reset(); } HTTP/https-detection-20260605221159-20260610042812.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606002332.php 0000666 00000013341 15226703613 0012542 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606153048.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183318-20260609162808.php 0000666 00000011205 15226703613 0014166 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605102712.php 0000666 00000013341 15226703613 0012544 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605090903-20260607235116.php 0000666 00000011205 15226703613 0014152 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605182534-20260609095453.php 0000666 00000011205 15226703613 0014166 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605022840-20260610123351.php 0000666 00000013341 15226703613 0014124 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606015754.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605145758-20260610190707.php 0000666 00000013341 15226703613 0014153 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605034026-20260606150006.php 0000666 00000013341 15226703613 0014125 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605211544.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605181738.php 0000666 00000011205 15226703613 0012573 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605081053-20260607235111.php 0000666 00000011205 15226703613 0014141 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605183129-20260608115424.php 0000666 00000013341 15226703613 0014145 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605172212.php 0000666 00000013341 15226703613 0012546 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605170806-20260608083505.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605211407-20260608045812.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605234000.php 0000666 00000013341 15226703613 0012540 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-dependency-20260605033028.php 0000666 00000005111 15226703613 0013272 0 ustar 00 <?php /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ #[AllowDynamicProperties] class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var string */ public $handle; /** * The handle source. * * If source is set to false, the item is an alias of other items it depends on. * * @since 2.6.0 * @var string|false */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var string[] */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var string|false|null */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var mixed */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param mixed ...$args Dependency information. */ public function __construct( ...$args ) { list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = $args; if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = '' ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } HTTP/class-wp-oembed-20260605045838.php 0000666 00000075666 15226703613 0012451 0 ustar 00 <?php /** * API for fetching the HTML to embed remote content based on a provided URL * * Used internally by the WP_Embed class, but is designed to be generic. * * @link https://developer.wordpress.org/advanced-administration/wordpress/oembed/ * @link http://oembed.com/ * * @package WordPress * @subpackage oEmbed */ /** * Core class used to implement oEmbed functionality. * * @since 2.9.0 */ #[AllowDynamicProperties] class WP_oEmbed { /** * A list of oEmbed providers. * * @since 2.9.0 * @var array */ public $providers = array(); /** * A list of an early oEmbed providers. * * @since 4.0.0 * @var array */ public static $early_providers = array(); /** * A list of private/protected methods, used for backward compatibility. * * @since 4.2.0 * @var array */ private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); /** * Constructor. * * @since 2.9.0 */ public function __construct() { $host = urlencode( home_url() ); $providers = array( '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/shorts/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/live/*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), '#https?://(.+\.)?crowdsignal\.net/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://app.mixcloud.com/oembed/', true ), '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), '#https?://(.+)\.tumblr\.com/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://(www\.)?tiktok\.com/.*/video/.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://(www\.)?tiktok\.com/@.*#i' => array( 'https://www.tiktok.com/oembed', true ), '#https?://([a-z]{2}|www)\.pinterest\.com(\.(au|mx))?/.*#i' => array( 'https://www.pinterest.com/oembed.json', true ), '#https?://(www\.)?wolframcloud\.com/obj/.+#i' => array( 'https://www.wolframcloud.com/oembed', true ), '#https?://pca\.st/.+#i' => array( 'https://pca.st/oembed.json', true ), '#https?://((play|www)\.)?anghami\.com/.*#i' => array( 'https://api.anghami.com/rest/v1/oembed.view', true ), '#https?://bsky.app/profile/.*/post/.*#i' => array( 'https://embed.bsky.app/oembed', true ), '#https?://(www\.)?canva\.com/design/.*/view.*#i' => array( 'https://canva.com/_oembed', true ), ); if ( ! empty( self::$early_providers['add'] ) ) { foreach ( self::$early_providers['add'] as $format => $data ) { $providers[ $format ] = $data; } } if ( ! empty( self::$early_providers['remove'] ) ) { foreach ( self::$early_providers['remove'] as $format ) { unset( $providers[ $format ] ); } } self::$early_providers = array(); /** * Filters the list of sanctioned oEmbed providers. * * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. * * Supported providers: * * | Provider | Flavor | Since | * | ------------ | ----------------------------------------- | ------- | * | Dailymotion | dailymotion.com | 2.9.0 | * | Flickr | flickr.com | 2.9.0 | * | Scribd | scribd.com | 2.9.0 | * | Vimeo | vimeo.com | 2.9.0 | * | WordPress.tv | wordpress.tv | 2.9.0 | * | YouTube | youtube.com/watch | 2.9.0 | * | Crowdsignal | polldaddy.com | 3.0.0 | * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | * | Flickr | flic.kr | 3.6.0 | * | Spotify | spotify.com | 3.6.0 | * | Imgur | imgur.com | 3.9.0 | * | Animoto | animoto.com | 4.0.0 | * | Animoto | video214.com | 4.0.0 | * | Issuu | issuu.com | 4.0.0 | * | Mixcloud | mixcloud.com | 4.0.0 | * | Crowdsignal | poll.fm | 4.0.0 | * | TED | ted.com | 4.0.0 | * | YouTube | youtube.com/playlist | 4.0.0 | * | Tumblr | tumblr.com | 4.2.0 | * | Kickstarter | kickstarter.com | 4.2.0 | * | Kickstarter | kck.st | 4.2.0 | * | Cloudup | cloudup.com | 4.3.0 | * | ReverbNation | reverbnation.com | 4.4.0 | * | VideoPress | videopress.com | 4.4.0 | * | Reddit | reddit.com | 4.4.0 | * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | * | Screencast | screencast.com | 4.8.0 | * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | * | Amazon | amazon.co.jp (com.au) | 4.9.0 | * | Amazon | amazon.cn | 4.9.0 | * | Amazon | a.co | 4.9.0 | * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | * | Amazon | z.cn | 4.9.0 | * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | * | TikTok | tiktok.com | 5.4.0 | * | Pinterest | pinterest.com | 5.9.0 | * | WolframCloud | wolframcloud.com | 5.9.0 | * | Pocket Casts | pocketcasts.com | 6.1.0 | * | Crowdsignal | crowdsignal.net | 6.2.0 | * | Anghami | anghami.com | 6.3.0 | * | Bluesky | bsky.app | 6.6.0 | * | Canva | canva.com | 6.8.0 | * * No longer supported providers: * * | Provider | Flavor | Since | Removed | * | ------------ | -------------------- | --------- | --------- | * | Qik | qik.com | 2.9.0 | 3.9.0 | * | Viddler | viddler.com | 2.9.0 | 4.0.0 | * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | * | Blip | blip.tv | 2.9.0 | 4.4.0 | * | Rdio | rdio.com | 3.6.0 | 4.4.1 | * | Rdio | rd.io | 3.6.0 | 4.4.1 | * | Vine | vine.co | 4.1.0 | 4.9.0 | * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * | Hulu | hulu.com | 2.9.0 | 5.5.0 | * | Instagram | instagram.com | 3.5.0 | 5.5.2 | * | Instagram | instagr.am | 3.5.0 | 5.5.2 | * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | * | Facebook | facebook.com | 4.7.0 | 5.5.2 | * | Meetup.com | meetup.com | 3.9.0 | 6.0.1 | * | Meetup.com | meetu.ps | 3.9.0 | 6.0.1 | * | SlideShare | slideshare.net | 3.5.0 | 6.6.0 | * | Screencast | screencast.com | 4.8.0 | 6.8.2 | * * @see wp_oembed_add_provider() * * @since 2.9.0 * * @param array[] $providers An array of arrays containing data about popular oEmbed providers. */ $this->providers = apply_filters( 'oembed_providers', $providers ); // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } /** * Exposes private/protected methods for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * * @since 4.0.0 * * @see WP_oEmbed::discover() * * @param string $url The URL to the content. * @param string|array $args { * Optional. Additional provider arguments. Default empty. * * @type bool $discover Optional. Determines whether to attempt to discover link tags * at the given URL for an oEmbed provider when the provider URL * is not found in the built-in providers list. Default true. * } * @return string|false The oEmbed provider URL on success, false on failure. */ public function get_provider( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = false; if ( ! isset( $args['discover'] ) ) { $args['discover'] = true; } foreach ( $this->providers as $matchmask => $data ) { list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex. if ( ! $regex ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML. break; } } if ( ! $provider && $args['discover'] ) { $provider = $this->discover( $url ); } return $provider; } /** * Adds an oEmbed provider. * * The provider is added just-in-time when wp_oembed_add_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_add_provider() * * @param string $format Format of URL that this provider can handle. You can use * asterisks as wildcards. * @param string $provider The URL to the oEmbed provider.. * @param bool $regex Optional. Whether the $format parameter is in a regex format. * Default false. */ public static function _add_provider_early( $format, $provider, $regex = false ) { if ( empty( self::$early_providers['add'] ) ) { self::$early_providers['add'] = array(); } self::$early_providers['add'][ $format ] = array( $provider, $regex ); } /** * Removes an oEmbed provider. * * The provider is removed just-in-time when wp_oembed_remove_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_remove_provider() * * @param string $format The format of URL that this provider can handle. You can use * asterisks as wildcards. */ public static function _remove_provider_early( $format ) { if ( empty( self::$early_providers['remove'] ) ) { self::$early_providers['remove'] = array(); } self::$early_providers['remove'][] = $format; } /** * Takes a URL and attempts to return the oEmbed data. * * @see WP_oEmbed::fetch() * * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function get_data( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = $this->get_provider( $url, $args ); if ( ! $provider ) { return false; } $data = $this->fetch( $provider, $url, $args ); if ( false === $data ) { return false; } return $data; } /** * The do-it-all function that takes a URL and attempts to return the HTML. * * @see WP_oEmbed::fetch() * @see WP_oEmbed::data2html() * * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed * on success, false on failure. */ public function get_html( $url, $args = '' ) { /** * Filters the oEmbed result before any HTTP requests are made. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Returning a non-null value from the filter will effectively short-circuit retrieval * and return the passed value instead. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. * Default null to continue retrieving the result. * @param string $url The URL to the content that should be attempted to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); if ( null !== $pre ) { return $pre; } $data = $this->get_data( $url, $args ); if ( false === $data ) { return false; } /** * Filters the HTML returned by the oEmbed provider. * * @since 2.9.0 * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } /** * Attempts to discover link tags at the given URL for an oEmbed provider. * * @since 2.9.0 * * @param string $url The URL that should be inspected for discovery `<link>` tags. * @return string|false The oEmbed provider URL on success, false on failure. */ public function discover( $url ) { $providers = array(); $args = array( 'limit_response_size' => 153600, // 150 KB ); /** * Filters oEmbed remote get arguments. * * @since 4.0.0 * * @see WP_Http::request() * * @param array $args oEmbed remote get arguments. * @param string $url URL to be inspected. */ $args = apply_filters( 'oembed_remote_get_args', $args, $url ); // Fetch URL content. $request = wp_safe_remote_get( $url, $args ); $html = wp_remote_retrieve_body( $request ); if ( $html ) { /** * Filters the link types that contain oEmbed provider URLs. * * @since 2.9.0 * * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, * used by at least Vimeo). */ $linktypes = apply_filters( 'oembed_linktypes', array( 'application/json+oembed' => 'json', 'text/xml+oembed' => 'xml', 'application/xml+oembed' => 'xml', ) ); // Strip <body>. $html_head_end = stripos( $html, '</head>' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } // Do a quick check. $tagfound = false; foreach ( $linktypes as $linktype => $format ) { if ( stripos( $html, $linktype ) ) { $tagfound = true; break; } } if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html, $links ) ) { foreach ( $links[1] as $link ) { $atts = shortcode_parse_atts( $link ); if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); // Stop here if it's JSON (that's all we need). if ( 'json' === $linktypes[ $atts['type'] ] ) { break; } } } } } // JSON is preferred to XML. if ( ! empty( $providers['json'] ) ) { return $providers['json']; } elseif ( ! empty( $providers['xml'] ) ) { return $providers['xml']; } else { return false; } } /** * Connects to an oEmbed provider and returns the result. * * @since 2.9.0 * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @param string|array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function fetch( $provider, $url, $args = '' ) { $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); $provider = add_query_arg( 'url', urlencode( $url ), $provider ); $provider = add_query_arg( 'dnt', 1, $provider ); /** * Filters the oEmbed URL to be fetched. * * @since 2.9.0 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. * @param array $args Optional. Additional arguments for retrieving embed HTML. * See wp_oembed_get() for accepted arguments. Default empty. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); foreach ( array( 'json', 'xml' ) as $format ) { $result = $this->_fetch_with_format( $provider, $format ); if ( is_wp_error( $result ) && 'not-implemented' === $result->get_error_code() ) { continue; } return ( $result && ! is_wp_error( $result ) ) ? $result : false; } return false; } /** * Fetches result from an oEmbed provider for a specific format and complete provider URL * * @since 3.0.0 * * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) * @param string $format Format to use. * @return object|false|WP_Error The result in the form of an object on success, false on failure. */ private function _fetch_with_format( $provider_url_with_args, $format ) { $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); /** This filter is documented in wp-includes/class-wp-oembed.php */ $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); $response = wp_safe_remote_get( $provider_url_with_args, $args ); if ( 501 === wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'not-implemented' ); } $body = wp_remote_retrieve_body( $response ); if ( ! $body ) { return false; } $parse_method = "_parse_$format"; return $this->$parse_method( $body ); } /** * Parses a json response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_json( $response_body ) { $data = json_decode( trim( $response_body ) ); return ( $data && is_object( $data ) ) ? $data : false; } /** * Parses an XML response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_xml( $response_body ) { if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { return false; } if ( PHP_VERSION_ID < 80000 ) { /* * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading * is disabled by default, so this function is no longer needed to protect against XXE attacks. */ $loader = libxml_disable_entity_loader( true ); } $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated libxml_disable_entity_loader( $loader ); } return $return; } /** * Serves as a helper function for parsing an XML response body. * * @since 3.6.0 * * @param string $response_body * @return stdClass|false */ private function _parse_xml_body( $response_body ) { if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { return false; } $dom = new DOMDocument(); $success = $dom->loadXML( $response_body ); if ( ! $success ) { return false; } if ( isset( $dom->doctype ) ) { return false; } foreach ( $dom->childNodes as $child ) { if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { return false; } } $xml = simplexml_import_dom( $dom ); if ( ! $xml ) { return false; } $return = new stdClass(); foreach ( $xml as $key => $value ) { $return->$key = (string) $value; } return $return; } /** * Converts a data object from WP_oEmbed::fetch() and returns the HTML. * * @since 2.9.0 * * @param object $data A data object result from an oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @return string|false The HTML needed to embed on success, false on failure. */ public function data2html( $data, $url ) { if ( ! is_object( $data ) || empty( $data->type ) ) { return false; } $return = false; switch ( $data->type ) { case 'photo': if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { break; } if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { break; } $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; $return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr( $title ) . '" width="' . esc_attr( $data->width ) . '" height="' . esc_attr( $data->height ) . '" /></a>'; break; case 'video': case 'rich': if ( ! empty( $data->html ) && is_string( $data->html ) ) { $return = $data->html; } break; case 'link': if ( ! empty( $data->title ) && is_string( $data->title ) ) { $return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>'; } break; default: $return = false; } /** * Filters the returned oEmbed HTML. * * Use this filter to add support for custom data types, or to filter the result. * * @since 2.9.0 * * @param string|false $return The returned oEmbed HTML, or false on failure. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } /** * Strips any new lines from the HTML. * * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * * @param string|false $html Existing HTML. * @param object $data Data object from WP_oEmbed::data2html() * @param string $url The original URL passed to oEmbed. * @return string|false Possibly modified $html. */ public function _strip_newlines( $html, $data, $url ) { if ( ! str_contains( $html, "\n" ) ) { return $html; } $count = 1; $found = array(); $token = '__PRE__'; $search = array( "\t", "\n", "\r", ' ' ); $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); $tokenized = str_replace( $search, $replace, $html ); preg_match_all( '#(<pre[^>]*>.+?</pre>)#i', $tokenized, $matches, PREG_SET_ORDER ); foreach ( $matches as $i => $match ) { $tag_html = str_replace( $replace, $search, $match[0] ); $tag_token = $token . $i; $found[ $tag_token ] = $tag_html; $html = str_replace( $tag_html, $tag_token, $html, $count ); } $replaced = str_replace( $replace, $search, $html ); $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); $pre = array_values( $found ); $tokens = array_keys( $found ); return str_replace( $tokens, $pre, $stripped ); } } HTTP/https-detection-20260605094635-20260606201116.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-customize-widgets-20260605054456.php 0000666 00000215637 15226703613 0014672 0 ustar 00 <?php /** * WordPress Customize Widgets classes * * @package WordPress * @subpackage Customize * @since 3.9.0 */ /** * Customize Widgets class. * * Implements widget management in the Customizer. * * @since 3.9.0 * * @see WP_Customize_Manager */ #[AllowDynamicProperties] final class WP_Customize_Widgets { /** * WP_Customize_Manager instance. * * @since 3.9.0 * @var WP_Customize_Manager */ public $manager; /** * All id_bases for widgets defined in core. * * @since 3.9.0 * @var array */ protected $core_widget_id_bases = array( 'archives', 'calendar', 'categories', 'custom_html', 'links', 'media_audio', 'media_image', 'media_video', 'meta', 'nav_menu', 'pages', 'recent-comments', 'recent-posts', 'rss', 'search', 'tag_cloud', 'text', ); /** * @since 3.9.0 * @var array */ protected $rendered_sidebars = array(); /** * @since 3.9.0 * @var array */ protected $rendered_widgets = array(); /** * @since 3.9.0 * @var array */ protected $old_sidebars_widgets = array(); /** * Mapping of widget ID base to whether it supports selective refresh. * * @since 4.5.0 * @var array */ protected $selective_refreshable_widgets; /** * Mapping of setting type to setting ID pattern. * * @since 4.2.0 * @var array */ protected $setting_id_patterns = array( 'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/', 'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/', ); /** * Initial loader. * * @since 3.9.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. */ public function __construct( $manager ) { $this->manager = $manager; // See https://github.com/xwp/wp-customize-snapshots/blob/962586659688a5b1fd9ae93618b7ce2d4e7a421c/php/class-customize-snapshot-manager.php#L420-L449 add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 ); add_action( 'widgets_init', array( $this, 'register_settings' ), 95 ); add_action( 'customize_register', array( $this, 'schedule_customize_register' ), 1 ); // Skip remaining hooks when the user can't manage widgets anyway. if ( ! current_user_can( 'edit_theme_options' ) ) { return; } add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) ); add_action( 'customize_controls_init', array( $this, 'customize_controls_init' ) ); add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); add_action( 'customize_controls_print_styles', array( $this, 'print_styles' ) ); add_action( 'customize_controls_print_scripts', array( $this, 'print_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) ); add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) ); add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); add_filter( 'should_load_block_editor_scripts_and_styles', array( $this, 'should_load_block_editor_scripts_and_styles' ) ); add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) ); add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 ); add_filter( 'dynamic_sidebar_has_widgets', array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 ); // Selective Refresh. add_filter( 'customize_dynamic_partial_args', array( $this, 'customize_dynamic_partial_args' ), 10, 2 ); add_action( 'customize_preview_init', array( $this, 'selective_refresh_init' ) ); } /** * List whether each registered widget can be use selective refresh. * * If the theme does not support the customize-selective-refresh-widgets feature, * then this will always return an empty array. * * @since 4.5.0 * * @global WP_Widget_Factory $wp_widget_factory * * @return array Mapping of id_base to support. If theme doesn't support * selective refresh, an empty array is returned. */ public function get_selective_refreshable_widgets() { global $wp_widget_factory; if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return array(); } if ( ! isset( $this->selective_refreshable_widgets ) ) { $this->selective_refreshable_widgets = array(); foreach ( $wp_widget_factory->widgets as $wp_widget ) { $this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] ); } } return $this->selective_refreshable_widgets; } /** * Determines if a widget supports selective refresh. * * @since 4.5.0 * * @param string $id_base Widget ID Base. * @return bool Whether the widget can be selective refreshed. */ public function is_widget_selective_refreshable( $id_base ) { $selective_refreshable_widgets = $this->get_selective_refreshable_widgets(); return ! empty( $selective_refreshable_widgets[ $id_base ] ); } /** * Retrieves the widget setting type given a setting ID. * * @since 4.2.0 * * @param string $setting_id Setting ID. * @return string|void Setting type. */ protected function get_setting_type( $setting_id ) { static $cache = array(); if ( isset( $cache[ $setting_id ] ) ) { return $cache[ $setting_id ]; } foreach ( $this->setting_id_patterns as $type => $pattern ) { if ( preg_match( $pattern, $setting_id ) ) { $cache[ $setting_id ] = $type; return $type; } } } /** * Inspects the incoming customized data for any widget settings, and dynamically adds * them up-front so widgets will be initialized properly. * * @since 4.2.0 */ public function register_settings() { $widget_setting_ids = array(); $incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() ); foreach ( $incoming_setting_ids as $setting_id ) { if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) { $widget_setting_ids[] = $setting_id; } } if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) { $widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) ); } $settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) ); if ( $this->manager->settings_previewed() ) { foreach ( $settings as $setting ) { $setting->preview(); } } } /** * Determines the arguments for a dynamically-created setting. * * @since 4.2.0 * * @param false|array $args The arguments to the WP_Customize_Setting constructor. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. * @return array|false Setting arguments, false otherwise. */ public function filter_customize_dynamic_setting_args( $args, $setting_id ) { if ( $this->get_setting_type( $setting_id ) ) { $args = $this->get_setting_args( $setting_id ); } return $args; } /** * Retrieves an unslashed post value or return a default. * * @since 3.9.0 * * @param string $name Post value. * @param mixed $default_value Default post value. * @return mixed Unslashed post value or default value. */ protected function get_post_value( $name, $default_value = null ) { if ( ! isset( $_POST[ $name ] ) ) { return $default_value; } return wp_unslash( $_POST[ $name ] ); } /** * Override sidebars_widgets for theme switch. * * When switching a theme via the Customizer, supply any previously-configured * sidebars_widgets from the target theme as the initial sidebars_widgets * setting. Also store the old theme's existing settings so that they can * be passed along for storing in the sidebars_widgets theme_mod when the * theme gets switched. * * @since 3.9.0 * * @global array $sidebars_widgets * @global array $_wp_sidebars_widgets */ public function override_sidebars_widgets_for_theme_switch() { global $sidebars_widgets; if ( $this->manager->doing_ajax() || $this->manager->is_theme_active() ) { return; } $this->old_sidebars_widgets = wp_get_sidebars_widgets(); add_filter( 'customize_value_old_sidebars_widgets_data', array( $this, 'filter_customize_value_old_sidebars_widgets_data' ) ); $this->manager->set_post_value( 'old_sidebars_widgets_data', $this->old_sidebars_widgets ); // Override any value cached in changeset. // retrieve_widgets() looks at the global $sidebars_widgets. $sidebars_widgets = $this->old_sidebars_widgets; $sidebars_widgets = retrieve_widgets( 'customize' ); add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 ); // Reset global cache var used by wp_get_sidebars_widgets(). unset( $GLOBALS['_wp_sidebars_widgets'] ); } /** * Filters old_sidebars_widgets_data Customizer setting. * * When switching themes, filter the Customizer setting old_sidebars_widgets_data * to supply initial $sidebars_widgets before they were overridden by retrieve_widgets(). * The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets * theme_mod. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * * @param array $old_sidebars_widgets * @return array */ public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) { return $this->old_sidebars_widgets; } /** * Filters sidebars_widgets option for theme switch. * * When switching themes, the retrieve_widgets() function is run when the Customizer initializes, * and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets * option. * * @since 3.9.0 * * @see WP_Customize_Widgets::handle_theme_switch() * @global array $sidebars_widgets * * @param array $sidebars_widgets * @return array */ public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) { $sidebars_widgets = $GLOBALS['sidebars_widgets']; $sidebars_widgets['array_version'] = 3; return $sidebars_widgets; } /** * Ensures all widgets get loaded into the Customizer. * * Note: these actions are also fired in wp_ajax_update_widget(). * * @since 3.9.0 */ public function customize_controls_init() { /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); } /** * Ensures widgets are available for all types of previews. * * When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded * so that all filters have been initialized (e.g. Widget Visibility). * * @since 3.9.0 */ public function schedule_customize_register() { if ( is_admin() ) { $this->customize_register(); } else { add_action( 'wp', array( $this, 'customize_register' ) ); } } /** * Registers Customizer settings and controls for all sidebars and widgets. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * @global array $wp_registered_sidebars */ public function customize_register() { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars; $use_widgets_block_editor = wp_use_widgets_block_editor(); add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 ); $sidebars_widgets = array_merge( array( 'wp_inactive_widgets' => array() ), array_fill_keys( array_keys( $wp_registered_sidebars ), array() ), wp_get_sidebars_widgets() ); $new_setting_ids = array(); /* * Register a setting for all widgets, including those which are active, * inactive, and orphaned since a widget may get suppressed from a sidebar * via a plugin (like Widget Visibility). */ foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) { $setting_id = $this->get_setting_id( $widget_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; } /* * Add a setting which will be supplied for the theme's sidebars_widgets * theme_mod when the theme is switched. */ if ( ! $this->manager->is_theme_active() ) { $setting_id = 'old_sidebars_widgets_data'; $setting_args = $this->get_setting_args( $setting_id, array( 'type' => 'global_variable', 'dirty' => true, ) ); $this->manager->add_setting( $setting_id, $setting_args ); } $this->manager->add_panel( 'widgets', array( 'type' => 'widgets', 'title' => __( 'Widgets' ), 'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ), 'priority' => 110, 'active_callback' => array( $this, 'is_panel_active' ), 'auto_expand_sole_section' => true, 'theme_supports' => 'widgets', ) ); foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) { if ( empty( $sidebar_widget_ids ) ) { $sidebar_widget_ids = array(); } $is_registered_sidebar = is_registered_sidebar( $sidebar_id ); $is_inactive_widgets = ( 'wp_inactive_widgets' === $sidebar_id ); $is_active_sidebar = ( $is_registered_sidebar && ! $is_inactive_widgets ); // Add setting for managing the sidebar's widgets. if ( $is_registered_sidebar || $is_inactive_widgets ) { $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); $setting_args = $this->get_setting_args( $setting_id ); if ( ! $this->manager->get_setting( $setting_id ) ) { if ( ! $this->manager->is_theme_active() ) { $setting_args['dirty'] = true; } $this->manager->add_setting( $setting_id, $setting_args ); } $new_setting_ids[] = $setting_id; // Add section to contain controls. $section_id = sprintf( 'sidebar-widgets-%s', $sidebar_id ); if ( $is_active_sidebar ) { $section_args = array( 'title' => $wp_registered_sidebars[ $sidebar_id ]['name'], 'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ), true ), 'panel' => 'widgets', 'sidebar_id' => $sidebar_id, ); if ( $use_widgets_block_editor ) { $section_args['description'] = ''; } else { $section_args['description'] = $wp_registered_sidebars[ $sidebar_id ]['description']; } /** * Filters Customizer widget section arguments for a given sidebar. * * @since 3.9.0 * * @param array $section_args Array of Customizer widget section arguments. * @param string $section_id Customizer section ID. * @param int|string $sidebar_id Sidebar ID. */ $section_args = apply_filters( 'customizer_widgets_section_args', $section_args, $section_id, $sidebar_id ); $section = new WP_Customize_Sidebar_Section( $this->manager, $section_id, $section_args ); $this->manager->add_section( $section ); if ( $use_widgets_block_editor ) { $control = new WP_Sidebar_Block_Editor_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'label' => $section_args['title'], 'description' => $section_args['description'], ) ); } else { $control = new WP_Widget_Area_Customize_Control( $this->manager, $setting_id, array( 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'priority' => count( $sidebar_widget_ids ), // place 'Add Widget' and 'Reorder' buttons at end. ) ); } $this->manager->add_control( $control ); $new_setting_ids[] = $setting_id; } } if ( ! $use_widgets_block_editor ) { // Add a control for each active widget (located in a sidebar). foreach ( $sidebar_widget_ids as $i => $widget_id ) { // Skip widgets that may have gone away due to a plugin being deactivated. if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[ $widget_id ] ) ) { continue; } $registered_widget = $wp_registered_widgets[ $widget_id ]; $setting_id = $this->get_setting_id( $widget_id ); $id_base = $wp_registered_widget_controls[ $widget_id ]['id_base']; $control = new WP_Widget_Form_Customize_Control( $this->manager, $setting_id, array( 'label' => $registered_widget['name'], 'section' => $section_id, 'sidebar_id' => $sidebar_id, 'widget_id' => $widget_id, 'widget_id_base' => $id_base, 'priority' => $i, 'width' => $wp_registered_widget_controls[ $widget_id ]['width'], 'height' => $wp_registered_widget_controls[ $widget_id ]['height'], 'is_wide' => $this->is_wide_widget( $widget_id ), ) ); $this->manager->add_control( $control ); } } } if ( $this->manager->settings_previewed() ) { foreach ( $new_setting_ids as $new_setting_id ) { $this->manager->get_setting( $new_setting_id )->preview(); } } } /** * Determines whether the widgets panel is active, based on whether there are sidebars registered. * * @since 4.4.0 * * @see WP_Customize_Panel::$active_callback * * @global array $wp_registered_sidebars * * @return bool Active. */ public function is_panel_active() { global $wp_registered_sidebars; return ! empty( $wp_registered_sidebars ); } /** * Converts a widget_id into its corresponding Customizer setting ID (option name). * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return string Maybe-parsed widget ID. */ public function get_setting_id( $widget_id ) { $parsed_widget_id = $this->parse_widget_id( $widget_id ); $setting_id = sprintf( 'widget_%s', $parsed_widget_id['id_base'] ); if ( ! is_null( $parsed_widget_id['number'] ) ) { $setting_id .= sprintf( '[%d]', $parsed_widget_id['number'] ); } return $setting_id; } /** * Determines whether the widget is considered "wide". * * Core widgets which may have controls wider than 250, but can still be shown * in the narrow Customizer panel. The RSS and Text widgets in Core, for example, * have widths of 400 and yet they still render fine in the Customizer panel. * * This method will return all Core widgets as being not wide, but this can be * overridden with the {@see 'is_wide_widget_in_customizer'} filter. * * @since 3.9.0 * * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return bool Whether or not the widget is a "wide" widget. */ public function is_wide_widget( $widget_id ) { global $wp_registered_widget_controls; $parsed_widget_id = $this->parse_widget_id( $widget_id ); $width = $wp_registered_widget_controls[ $widget_id ]['width']; $is_core = in_array( $parsed_widget_id['id_base'], $this->core_widget_id_bases, true ); $is_wide = ( $width > 250 && ! $is_core ); /** * Filters whether the given widget is considered "wide". * * @since 3.9.0 * * @param bool $is_wide Whether the widget is wide, Default false. * @param string $widget_id Widget ID. */ return apply_filters( 'is_wide_widget_in_customizer', $is_wide, $widget_id ); } /** * Converts a widget ID into its id_base and number components. * * @since 3.9.0 * * @param string $widget_id Widget ID. * @return array Array containing a widget's id_base and number components. */ public function parse_widget_id( $widget_id ) { $parsed = array( 'number' => null, 'id_base' => null, ); if ( preg_match( '/^(.+)-(\d+)$/', $widget_id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $widget_id; } return $parsed; } /** * Converts a widget setting ID (option path) to its id_base and number components. * * @since 3.9.0 * * @param string $setting_id Widget setting ID. * @return array|WP_Error Array containing a widget's id_base and number components, * or a WP_Error object. */ public function parse_widget_setting_id( $setting_id ) { if ( ! preg_match( '/^(widget_(.+?))(?:\[(\d+)\])?$/', $setting_id, $matches ) ) { return new WP_Error( 'widget_setting_invalid_id' ); } $id_base = $matches[2]; $number = isset( $matches[3] ) ? (int) $matches[3] : null; return compact( 'id_base', 'number' ); } /** * Calls admin_print_styles-widgets.php and admin_print_styles hooks to * allow custom styles from plugins. * * @since 3.9.0 */ public function print_styles() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_styles' ); } /** * Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_scripts() { /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_print_scripts' ); } /** * Enqueues scripts and styles for Customizer panel and export data to JavaScript. * * @since 3.9.0 * * @global WP_Scripts $wp_scripts * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function enqueue_scripts() { global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets; wp_enqueue_style( 'customize-widgets' ); wp_enqueue_script( 'customize-widgets' ); /** This action is documented in wp-admin/admin-header.php */ do_action( 'admin_enqueue_scripts', 'widgets.php' ); /* * Export available widgets with control_tpl removed from model * since plugins need templates to be in the DOM. */ $available_widgets = array(); foreach ( $this->get_available_widgets() as $available_widget ) { unset( $available_widget['control_tpl'] ); $available_widgets[] = $available_widget; } $widget_reorder_nav_tpl = sprintf( '<div class="widget-reorder-nav"><span class="move-widget" tabindex="0">%1$s</span><span class="move-widget-down" tabindex="0">%2$s</span><span class="move-widget-up" tabindex="0">%3$s</span></div>', __( 'Move to another area…' ), __( 'Move down' ), __( 'Move up' ) ); $move_widget_area_tpl = str_replace( array( '{description}', '{btn}' ), array( __( 'Select an area to move this widget into:' ), _x( 'Move', 'Move widget' ), ), '<div class="move-widget-area"> <p class="description">{description}</p> <ul class="widget-area-select"> <% _.each( sidebars, function ( sidebar ){ %> <li class="" data-id="<%- sidebar.id %>" tabindex="0"> <div><strong><%- sidebar.name %></strong></div> <div><%- sidebar.description %></div> </li> <% }); %> </ul> <div class="move-widget-actions"> <button class="move-widget-btn button" type="button">{btn}</button> </div> </div>' ); /* * Gather all strings in PHP that may be needed by JS on the client. * Once JS i18n is implemented (in #20491), this can be removed. */ $some_non_rendered_areas_messages = array(); $some_non_rendered_areas_messages[1] = html_entity_decode( __( 'Your theme has 1 other widget area, but this particular page does not display it.' ), ENT_QUOTES, get_bloginfo( 'charset' ) ); $registered_sidebar_count = count( $wp_registered_sidebars ); for ( $non_rendered_count = 2; $non_rendered_count < $registered_sidebar_count; $non_rendered_count++ ) { $some_non_rendered_areas_messages[ $non_rendered_count ] = html_entity_decode( sprintf( /* translators: %s: The number of other widget areas registered but not rendered. */ _n( 'Your theme has %s other widget area, but this particular page does not display it.', 'Your theme has %s other widget areas, but this particular page does not display them.', $non_rendered_count ), number_format_i18n( $non_rendered_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } if ( 1 === $registered_sidebar_count ) { $no_areas_shown_message = html_entity_decode( sprintf( __( 'Your theme has 1 widget area, but this particular page does not display it.' ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } else { $no_areas_shown_message = html_entity_decode( sprintf( /* translators: %s: The total number of widget areas registered. */ _n( 'Your theme has %s widget area, but this particular page does not display it.', 'Your theme has %s widget areas, but this particular page does not display them.', $registered_sidebar_count ), number_format_i18n( $registered_sidebar_count ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); } $settings = array( 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'availableWidgets' => $available_widgets, // @todo Merge this with registered_widgets. 'l10n' => array( 'saveBtnLabel' => __( 'Apply' ), 'saveBtnTooltip' => __( 'Save and preview changes before publishing them.' ), 'removeBtnLabel' => __( 'Remove' ), 'removeBtnTooltip' => __( 'Keep widget settings and move it to the inactive widgets' ), 'error' => __( 'An error has occurred. Please reload the page and try again.' ), 'widgetMovedUp' => __( 'Widget moved up' ), 'widgetMovedDown' => __( 'Widget moved down' ), 'navigatePreview' => __( 'You can navigate to other pages on your site while using the Customizer to view and edit the widgets displayed on those pages.' ), 'someAreasShown' => $some_non_rendered_areas_messages, 'noAreasShown' => $no_areas_shown_message, 'reorderModeOn' => __( 'Reorder mode enabled' ), 'reorderModeOff' => __( 'Reorder mode closed' ), 'reorderLabelOn' => esc_attr__( 'Reorder widgets' ), /* translators: %d: The number of widgets found. */ 'widgetsFound' => __( 'Number of widgets found: %d' ), 'noWidgetsFound' => __( 'No widgets found.' ), ), 'tpl' => array( 'widgetReorderNav' => $widget_reorder_nav_tpl, 'moveWidgetArea' => $move_widget_area_tpl, ), 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } $wp_scripts->add_data( 'customize-widgets', 'data', sprintf( 'var _wpCustomizeWidgetsSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); /* * TODO: Update 'wp-customize-widgets' to not rely so much on things in * 'customize-widgets'. This will let us skip most of the above and not * enqueue 'customize-widgets' which saves bytes. */ if ( wp_use_widgets_block_editor() ) { $block_editor_context = new WP_Block_Editor_Context( array( 'name' => 'core/customize-widgets', ) ); $editor_settings = get_block_editor_settings( get_legacy_widget_block_editor_settings(), $block_editor_context ); wp_add_inline_script( 'wp-customize-widgets', sprintf( 'wp.domReady( function() { wp.customizeWidgets.initialize( "widgets-customizer", %s ); } );', wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); // Preload server-registered block schemas. wp_add_inline_script( 'wp-blocks', 'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');' ); // Preload server-registered block bindings sources. $registered_sources = get_all_registered_block_bindings_sources(); if ( ! empty( $registered_sources ) ) { $filtered_sources = array(); foreach ( $registered_sources as $source ) { $filtered_sources[] = array( 'name' => $source->name, 'label' => $source->label, 'usesContext' => $source->uses_context, ); } $script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); wp_add_inline_script( 'wp-blocks', $script ); } wp_add_inline_script( 'wp-blocks', sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( get_block_categories( $block_editor_context ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); wp_enqueue_script( 'wp-customize-widgets' ); wp_enqueue_style( 'wp-customize-widgets' ); /** This action is documented in edit-form-blocks.php */ do_action( 'enqueue_block_editor_assets' ); } } /** * Renders the widget form control templates into the DOM. * * @since 3.9.0 */ public function output_widget_control_templates() { ?> <div id="widgets-left"><!-- compatibility with JS which looks for widget templates here --> <div id="available-widgets"> <div class="customize-section-title"> <button class="customize-section-back" tabindex="-1"> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Back' ); ?> </span> </button> <h3> <span class="customize-action"> <?php $panel = $this->manager->get_panel( 'widgets' ); $panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' ); /* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */ printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) ); ?> </span> <?php _e( 'Add a Widget' ); ?> </h3> </div> <div id="available-widgets-filter"> <label for="widgets-search"> <?php /* translators: Hidden accessibility text. */ _e( 'Search Widgets' ); ?> </label> <input type="text" id="widgets-search" aria-describedby="widgets-search-desc" /> <div class="search-icon" aria-hidden="true"></div> <button type="button" class="clear-results"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Clear Results' ); ?> </span></button> <p class="screen-reader-text" id="widgets-search-desc"> <?php /* translators: Hidden accessibility text. */ _e( 'The search results will be updated as you type.' ); ?> </p> </div> <div id="available-widgets-list"> <?php foreach ( $this->get_available_widgets() as $available_widget ) : ?> <div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ); ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ); ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ); ?>" tabindex="0"> <?php echo $available_widget['control_tpl']; ?> </div> <?php endforeach; ?> <p class="no-widgets-found-message"><?php _e( 'No widgets found.' ); ?></p> </div><!-- #available-widgets-list --> </div><!-- #available-widgets --> </div><!-- #widgets-left --> <?php } /** * Calls admin_print_footer_scripts and admin_print_scripts hooks to * allow custom scripts from plugins. * * @since 3.9.0 */ public function print_footer_scripts() { /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_print_footer_scripts' ); /** This action is documented in wp-admin/admin-footer.php */ do_action( 'admin_footer-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Retrieves common arguments to supply when constructing a Customizer setting. * * @since 3.9.0 * * @param string $id Widget setting ID. * @param array $overrides Array of setting overrides. * @return array Possibly modified setting arguments. */ public function get_setting_args( $id, $overrides = array() ) { $args = array( 'type' => 'option', 'capability' => 'edit_theme_options', 'default' => array(), ); if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) { $args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' ); $args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' ); $args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh'; } elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) { $id_base = $matches['id_base']; $args['sanitize_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_instance( $value, $id_base ); }; $args['sanitize_js_callback'] = function ( $value ) use ( $id_base ) { return $this->sanitize_widget_js_instance( $value, $id_base ); }; $args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh'; } $args = array_merge( $args, $overrides ); /** * Filters the common arguments supplied when constructing a Customizer setting. * * @since 3.9.0 * * @see WP_Customize_Setting * * @param array $args Array of Customizer setting arguments. * @param string $id Widget setting ID. */ return apply_filters( 'widget_customizer_setting_args', $args, $id ); } /** * Ensures sidebar widget arrays only ever contain widget IDS. * * Used as the 'sanitize_callback' for each $sidebars_widgets setting. * * @since 3.9.0 * * @param string[] $widget_ids Array of widget IDs. * @return string[] Array of sanitized widget IDs. */ public function sanitize_sidebar_widgets( $widget_ids ) { $widget_ids = array_map( 'strval', (array) $widget_ids ); $sanitized_widget_ids = array(); foreach ( $widget_ids as $widget_id ) { $sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id ); } return $sanitized_widget_ids; } /** * Builds up an index of all available widgets for use in Backbone models. * * @since 3.9.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * * @see wp_list_widgets() * * @return array List of available widgets. */ public function get_available_widgets() { static $available_widgets = array(); if ( ! empty( $available_widgets ) ) { return $available_widgets; } global $wp_registered_widgets, $wp_registered_widget_controls; require_once ABSPATH . 'wp-admin/includes/widgets.php'; // For next_widget_id_number(). $sort = $wp_registered_widgets; usort( $sort, array( $this, '_sort_name_callback' ) ); $done = array(); foreach ( $sort as $widget ) { if ( in_array( $widget['callback'], $done, true ) ) { // We already showed this multi-widget. continue; } $sidebar = is_active_widget( $widget['callback'], $widget['id'], false, false ); $done[] = $widget['callback']; if ( ! isset( $widget['params'][0] ) ) { $widget['params'][0] = array(); } $available_widget = $widget; unset( $available_widget['callback'] ); // Not serializable to JSON. $args = array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template', ); $is_disabled = false; $is_multi_widget = ( isset( $wp_registered_widget_controls[ $widget['id'] ]['id_base'] ) && isset( $widget['params'][0]['number'] ) ); if ( $is_multi_widget ) { $id_base = $wp_registered_widget_controls[ $widget['id'] ]['id_base']; $args['_temp_id'] = "$id_base-__i__"; $args['_multi_num'] = next_widget_id_number( $id_base ); $args['_add'] = 'multi'; } else { $args['_add'] = 'single'; if ( $sidebar && 'wp_inactive_widgets' !== $sidebar ) { $is_disabled = true; } $id_base = $widget['id']; } $list_widget_controls_args = wp_list_widget_controls_dynamic_sidebar( array( 0 => $args, 1 => $widget['params'][0], ) ); $control_tpl = $this->get_widget_control( $list_widget_controls_args ); // The properties here are mapped to the Backbone Widget model. $available_widget = array_merge( $available_widget, array( 'temp_id' => isset( $args['_temp_id'] ) ? $args['_temp_id'] : null, 'is_multi' => $is_multi_widget, 'control_tpl' => $control_tpl, 'multi_number' => ( 'multi' === $args['_add'] ) ? $args['_multi_num'] : false, 'is_disabled' => $is_disabled, 'id_base' => $id_base, 'transport' => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh', 'width' => $wp_registered_widget_controls[ $widget['id'] ]['width'], 'height' => $wp_registered_widget_controls[ $widget['id'] ]['height'], 'is_wide' => $this->is_wide_widget( $widget['id'] ), ) ); $available_widgets[] = $available_widget; } return $available_widgets; } /** * Naturally orders available widgets by name. * * @since 3.9.0 * * @param array $widget_a The first widget to compare. * @param array $widget_b The second widget to compare. * @return int Reorder position for the current widget comparison. */ protected function _sort_name_callback( $widget_a, $widget_b ) { return strnatcasecmp( $widget_a['name'], $widget_b['name'] ); } /** * Retrieves the widget control markup. * * @since 3.9.0 * * @param array $args Widget control arguments. * @return string Widget control form HTML markup. */ public function get_widget_control( $args ) { $args[0]['before_form'] = '<div class="form">'; $args[0]['after_form'] = '</div><!-- .form -->'; $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; ob_start(); wp_widget_control( ...$args ); $control_tpl = ob_get_clean(); return $control_tpl; } /** * Retrieves the widget control markup parts. * * @since 4.4.0 * * @param array $args Widget control arguments. * @return array { * @type string $control Markup for widget control wrapping form. * @type string $content The contents of the widget form itself. * } */ public function get_widget_control_parts( $args ) { $args[0]['before_widget_content'] = '<div class="widget-content">'; $args[0]['after_widget_content'] = '</div><!-- .widget-content -->'; $control_markup = $this->get_widget_control( $args ); $content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] ); $content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] ); $control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) ); $control .= substr( $control_markup, $content_end_pos ); $content = trim( substr( $control_markup, $content_start_pos + strlen( $args[0]['before_widget_content'] ), $content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] ) ) ); return compact( 'control', 'content' ); } /** * Adds hooks for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_init() { add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) ); add_action( 'wp_print_styles', array( $this, 'print_preview_css' ), 1 ); add_action( 'wp_footer', array( $this, 'export_preview_data' ), 20 ); } /** * Refreshes the nonce for widget updates. * * @since 4.2.0 * * @param array $nonces Array of nonces. * @return array Array of nonces. */ public function refresh_nonces( $nonces ) { $nonces['update-widget'] = wp_create_nonce( 'update-widget' ); return $nonces; } /** * Tells the script loader to load the scripts and styles of custom blocks * if the widgets block editor is enabled. * * @since 5.8.0 * * @param bool $is_block_editor_screen Current decision about loading block assets. * @return bool Filtered decision about loading block assets. */ public function should_load_block_editor_scripts_and_styles( $is_block_editor_screen ) { if ( wp_use_widgets_block_editor() ) { return true; } return $is_block_editor_screen; } /** * When previewing, ensures the proper previewing widgets are used. * * Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via * wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets` * to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview * filter is added, it has to be reset after the filter has been added. * * @since 3.9.0 * * @param array $sidebars_widgets List of widgets for the current sidebar. * @return array */ public function preview_sidebars_widgets( $sidebars_widgets ) { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); unset( $sidebars_widgets['array_version'] ); return $sidebars_widgets; } /** * Enqueues scripts for the Customizer preview. * * @since 3.9.0 */ public function customize_preview_enqueue() { wp_enqueue_script( 'customize-preview-widgets' ); } /** * Inserts default style for highlighted widget at early point so theme * stylesheet can override. * * @since 3.9.0 */ public function print_preview_css() { ?> <style> .widget-customizer-highlighted-widget { outline: none; -webkit-box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); box-shadow: 0 0 2px rgba(30, 140, 190, 0.8); position: relative; z-index: 1; } </style> <?php } /** * Communicates the sidebars that appeared on the page at the very end of the page, * and at the very end of the wp_footer, * * @since 3.9.0 * * @global array $wp_registered_sidebars * @global array $wp_registered_widgets */ public function export_preview_data() { global $wp_registered_sidebars, $wp_registered_widgets; $switched_locale = switch_to_user_locale( get_current_user_id() ); $l10n = array( 'widgetTooltip' => __( 'Shift-click to edit this widget.' ), ); if ( $switched_locale ) { restore_previous_locale(); } $rendered_sidebars = array_filter( $this->rendered_sidebars ); $rendered_widgets = array_filter( $this->rendered_widgets ); // Prepare Customizer settings to pass to JavaScript. $settings = array( 'renderedSidebars' => array_fill_keys( array_keys( $rendered_sidebars ), true ), 'renderedWidgets' => array_fill_keys( array_keys( $rendered_widgets ), true ), 'registeredSidebars' => array_values( $wp_registered_sidebars ), 'registeredWidgets' => $wp_registered_widgets, 'l10n' => $l10n, 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(), ); foreach ( $settings['registeredWidgets'] as &$registered_widget ) { unset( $registered_widget['callback'] ); // May not be JSON-serializable. } wp_print_inline_script_tag( sprintf( 'var _wpWidgetCustomizerPreviewSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Tracks the widgets that were rendered. * * @since 3.9.0 * * @param array $widget Rendered widget to tally. */ public function tally_rendered_widgets( $widget ) { $this->rendered_widgets[ $widget['id'] ] = true; } /** * Determine if a widget is rendered on the page. * * @since 4.0.0 * * @param string $widget_id Widget ID to check. * @return bool Whether the widget is rendered. */ public function is_widget_rendered( $widget_id ) { return ! empty( $this->rendered_widgets[ $widget_id ] ); } /** * Determines if a sidebar is rendered on the page. * * @since 4.0.0 * * @param string $sidebar_id Sidebar ID to check. * @return bool Whether the sidebar is rendered. */ public function is_sidebar_rendered( $sidebar_id ) { return ! empty( $this->rendered_sidebars[ $sidebar_id ] ); } /** * Tallies the sidebars rendered via is_active_sidebar(). * * Keep track of the times that is_active_sidebar() is called in the template, * and assume that this means that the sidebar would be rendered on the template * if there were widgets populating it. * * @since 3.9.0 * * @param bool $is_active Whether the sidebar is active. * @param string $sidebar_id Sidebar ID. * @return bool Whether the sidebar is active. */ public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'dynamic_sidebar_has_widgets' if we want to ensure that there * is an area to drop widgets into, if the sidebar is empty. */ return $is_active; } /** * Tallies the sidebars rendered via dynamic_sidebar(). * * Keep track of the times that dynamic_sidebar() is called in the template, * and assume this means the sidebar would be rendered on the template if * there were widgets populating it. * * @since 3.9.0 * * @param bool $has_widgets Whether the current sidebar has widgets. * @param string $sidebar_id Sidebar ID. * @return bool Whether the current sidebar has widgets. */ public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) { if ( is_registered_sidebar( $sidebar_id ) ) { $this->rendered_sidebars[ $sidebar_id ] = true; } /* * We may need to force this to true, and also force-true the value * for 'is_active_sidebar' if we want to ensure there is an area to * drop widgets into, if the sidebar is empty. */ return $has_widgets; } /** * Retrieves MAC for a serialized widget instance string. * * Allows values posted back from JS to be rejected if any tampering of the * data has occurred. * * @since 3.9.0 * * @param string $serialized_instance Widget instance. * @return string MAC for serialized widget instance. */ protected function get_instance_hash_key( $serialized_instance ) { return wp_hash( $serialized_instance ); } /** * Sanitizes a widget instance. * * Unserialize the JS-instance for storing in the options. It's important that this filter * only get applied to an instance *once*. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to sanitize. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array|void Sanitized widget instance. */ public function sanitize_widget_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( array() === $value ) { return $value; } if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) { /* * The content of the 'block' widget is not filtered on the fly while editing. * Filter the content here to prevent vulnerabilities. */ $value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] ); } return $value['raw_instance']; } } if ( empty( $value['is_widget_customizer_js_value'] ) || empty( $value['instance_hash_key'] ) || empty( $value['encoded_serialized_instance'] ) ) { return; } $decoded = base64_decode( $value['encoded_serialized_instance'], true ); if ( false === $decoded ) { return; } if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) { return; } $instance = unserialize( $decoded ); if ( false === $instance ) { return; } return $instance; } /** * Converts a widget instance into JSON-representable format. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to convert to JSON. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array JSON-converted widget instance. */ public function sanitize_widget_js_instance( $value, $id_base = null ) { global $wp_widget_factory; if ( empty( $value['is_widget_customizer_js_value'] ) ) { $serialized = serialize( $value ); $js_value = array( 'encoded_serialized_instance' => base64_encode( $serialized ), 'title' => empty( $value['title'] ) ? '' : $value['title'], 'is_widget_customizer_js_value' => true, 'instance_hash_key' => $this->get_instance_hash_key( $serialized ), ); if ( $id_base && wp_use_widgets_block_editor() ) { $widget_object = $wp_widget_factory->get_widget_object( $id_base ); if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { $js_value['raw_instance'] = (object) $value; } } return $js_value; } return $value; } /** * Strips out widget IDs for widgets which are no longer registered. * * One example where this might happen is when a plugin orphans a widget * in a sidebar upon deactivation. * * @since 3.9.0 * * @global array $wp_registered_widgets * * @param array $widget_ids List of widget IDs. * @return array Parsed list of widget IDs. */ public function sanitize_sidebar_widgets_js_instance( $widget_ids ) { global $wp_registered_widgets; $widget_ids = array_values( array_intersect( $widget_ids, array_keys( $wp_registered_widgets ) ) ); return $widget_ids; } /** * Finds and invokes the widget update and control callbacks. * * Requires that `$_POST` be populated with the instance data. * * @since 3.9.0 * * @global array $wp_registered_widget_updates * @global array $wp_registered_widget_controls * * @param string $widget_id Widget ID. * @return array|WP_Error Array containing the updated widget information. * A WP_Error object, otherwise. */ public function call_widget_update( $widget_id ) { global $wp_registered_widget_updates, $wp_registered_widget_controls; $setting_id = $this->get_setting_id( $widget_id ); /* * Make sure that other setting changes have previewed since this widget * may depend on them (e.g. Menus being present for Navigation Menu widget). */ if ( ! did_action( 'customize_preview_init' ) ) { foreach ( $this->manager->settings() as $setting ) { if ( $setting->id !== $setting_id ) { $setting->preview(); } } } $this->start_capturing_option_updates(); $parsed_id = $this->parse_widget_id( $widget_id ); $option_name = 'widget_' . $parsed_id['id_base']; /* * If a previously-sanitized instance is provided, populate the input vars * with its values so that the widget update callback will read this instance */ $added_input_vars = array(); if ( ! empty( $_POST['sanitized_widget_setting'] ) ) { $sanitized_widget_setting = json_decode( $this->get_post_value( 'sanitized_widget_setting' ), true ); if ( false === $sanitized_widget_setting ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_malformed' ); } $instance = $this->sanitize_widget_instance( $sanitized_widget_setting, $parsed_id['id_base'] ); if ( is_null( $instance ) ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unsanitized' ); } if ( ! is_null( $parsed_id['number'] ) ) { $value = array(); $value[ $parsed_id['number'] ] = $instance; $key = 'widget-' . $parsed_id['id_base']; $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } else { foreach ( $instance as $key => $value ) { $_REQUEST[ $key ] = wp_slash( $value ); $_POST[ $key ] = $_REQUEST[ $key ]; $added_input_vars[] = $key; } } } // Invoke the widget update callback. foreach ( (array) $wp_registered_widget_updates as $name => $control ) { if ( $name === $parsed_id['id_base'] && is_callable( $control['callback'] ) ) { ob_start(); call_user_func_array( $control['callback'], $control['params'] ); ob_end_clean(); break; } } // Clean up any input vars that were manually added. foreach ( $added_input_vars as $key ) { unset( $_POST[ $key ] ); unset( $_REQUEST[ $key ] ); } // Make sure the expected option was updated. if ( 0 !== $this->count_captured_options() ) { if ( $this->count_captured_options() > 1 ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_too_many_options' ); } $updated_option_name = key( $this->get_captured_options() ); if ( $updated_option_name !== $option_name ) { $this->stop_capturing_option_updates(); return new WP_Error( 'widget_setting_unexpected_option' ); } } // Obtain the widget instance. $option = $this->get_captured_option( $option_name ); if ( null !== $parsed_id['number'] ) { $instance = $option[ $parsed_id['number'] ]; } else { $instance = $option; } /* * Override the incoming $_POST['customized'] for a newly-created widget's * setting with the new $instance so that the preview filter currently * in place from WP_Customize_Setting::preview() will use this value * instead of the default widget instance value (an empty array). */ $this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance, $parsed_id['id_base'] ) ); // Obtain the widget control with the updated instance in place. ob_start(); $form = $wp_registered_widget_controls[ $widget_id ]; if ( $form ) { call_user_func_array( $form['callback'], $form['params'] ); } $form = ob_get_clean(); $this->stop_capturing_option_updates(); return compact( 'instance', 'form' ); } /** * Updates widget settings asynchronously. * * Allows the Customizer to update a widget using its form, but return the new * instance info via Ajax instead of saving it to the options table. * * Most code here copied from wp_ajax_save_widget(). * * @since 3.9.0 * * @see wp_ajax_save_widget() */ public function wp_ajax_update_widget() { if ( ! is_user_logged_in() ) { wp_die( 0 ); } check_ajax_referer( 'update-widget', 'nonce' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } if ( empty( $_POST['widget-id'] ) ) { wp_send_json_error( 'missing_widget-id' ); } /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $widget_id = $this->get_post_value( 'widget-id' ); $parsed_id = $this->parse_widget_id( $widget_id ); $id_base = $parsed_id['id_base']; $is_updating_widget_template = ( isset( $_POST[ 'widget-' . $id_base ] ) && is_array( $_POST[ 'widget-' . $id_base ] ) && preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) ) ); if ( $is_updating_widget_template ) { wp_send_json_error( 'template_widget_not_updatable' ); } $updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form} if ( is_wp_error( $updated_widget ) ) { wp_send_json_error( $updated_widget->get_error_code() ); } $form = $updated_widget['form']; $instance = $this->sanitize_widget_js_instance( $updated_widget['instance'], $id_base ); wp_send_json_success( compact( 'form', 'instance' ) ); } /* * Selective Refresh Methods */ /** * Filters arguments for dynamic widget partials. * * @since 4.5.0 * * @param array|false $partial_args Partial arguments. * @param string $partial_id Partial ID. * @return array (Maybe) modified partial arguments. */ public function customize_dynamic_partial_args( $partial_args, $partial_id ) { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return $partial_args; } if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) { if ( false === $partial_args ) { $partial_args = array(); } $partial_args = array_merge( $partial_args, array( 'type' => 'widget', 'render_callback' => array( $this, 'render_widget_partial' ), 'container_inclusive' => true, 'settings' => array( $this->get_setting_id( $matches['widget_id'] ) ), 'capability' => 'edit_theme_options', ) ); } return $partial_args; } /** * Adds hooks for selective refresh. * * @since 4.5.0 */ public function selective_refresh_init() { if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) { return; } add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) ); add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) ); add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) ); add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) ); } /** * Inject selective refresh data attributes into widget container elements. * * @since 4.5.0 * * @see WP_Customize_Nav_Menus::filter_wp_nav_menu_args() * * @param array $params { * Dynamic sidebar params. * * @type array $args Sidebar args. * @type array $widget_args Widget args. * } * @return array Params. */ public function filter_dynamic_sidebar_params( $params ) { $sidebar_args = array_merge( array( 'before_widget' => '', 'after_widget' => '', ), $params[0] ); // Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to. $matches = array(); $is_valid = ( isset( $sidebar_args['id'] ) && is_registered_sidebar( $sidebar_args['id'] ) && ( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] ) && preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches ) ); if ( ! $is_valid ) { return $params; } $this->before_widget_tags_seen[ $matches['tag_name'] ] = true; $context = array( 'sidebar_id' => $sidebar_args['id'], ); if ( isset( $this->context_sidebar_instance_number ) ) { $context['sidebar_instance_number'] = $this->context_sidebar_instance_number; } elseif ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) { $context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ]; } $attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) ); $attributes .= ' data-customize-partial-type="widget"'; $attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) ); $attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) ); $sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] ); $params[0] = $sidebar_args; return $params; } /** * List of the tag names seen for before_widget strings. * * This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the * data-* attributes can be allowed. * * @since 4.5.0 * @var array */ protected $before_widget_tags_seen = array(); /** * Ensures the HTML data-* attributes for selective refresh are allowed by kses. * * This is needed in case the `$before_widget` is run through wp_kses() when printed. * * @since 4.5.0 * * @param array $allowed_html Allowed HTML. * @return array (Maybe) modified allowed HTML. */ public function filter_wp_kses_allowed_data_attributes( $allowed_html ) { foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) { if ( ! isset( $allowed_html[ $tag_name ] ) ) { $allowed_html[ $tag_name ] = array(); } $allowed_html[ $tag_name ] = array_merge( $allowed_html[ $tag_name ], array_fill_keys( array( 'data-customize-partial-id', 'data-customize-partial-type', 'data-customize-partial-placement-context', 'data-customize-partial-widget-id', 'data-customize-partial-options', ), true ) ); } return $allowed_html; } /** * Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index. * * This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template. * * @since 4.5.0 * @var array */ protected $sidebar_instance_count = array(); /** * The current request's sidebar_instance_number context. * * @since 4.5.0 * @var int|null */ protected $context_sidebar_instance_number; /** * Current sidebar ID being rendered. * * @since 4.5.0 * @var array */ protected $current_dynamic_sidebar_id_stack = array(); /** * Begins keeping track of the current sidebar being rendered. * * Insert marker before widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function start_dynamic_sidebar( $index ) { array_unshift( $this->current_dynamic_sidebar_id_stack, $index ); if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) { $this->sidebar_instance_count[ $index ] = 0; } $this->sidebar_instance_count[ $index ] += 1; if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Finishes keeping track of the current sidebar being rendered. * * Inserts a marker after widgets are rendered in a dynamic sidebar. * * @since 4.5.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. */ public function end_dynamic_sidebar( $index ) { array_shift( $this->current_dynamic_sidebar_id_stack ); if ( ! $this->manager->selective_refresh->is_render_partials_request() ) { printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] ); } } /** * Current sidebar being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_widget_id; /** * Current widget being rendered. * * @since 4.5.0 * @var string|null */ protected $rendering_sidebar_id; /** * Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar. * * @since 4.5.0 * * @param array $sidebars_widgets Sidebars widgets. * @return array Filtered sidebars widgets. */ public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) { $sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id ); return $sidebars_widgets; } /** * Renders a specific widget using the supplied sidebar arguments. * * @since 4.5.0 * * @see dynamic_sidebar() * * @param WP_Customize_Partial $partial Partial. * @param array $context { * Sidebar args supplied as container context. * * @type string $sidebar_id ID for sidebar for widget to render into. * @type int $sidebar_instance_number Disambiguating instance number. * } * @return string|false */ public function render_widget_partial( $partial, $context ) { $id_data = $partial->id_data(); $widget_id = array_shift( $id_data['keys'] ); if ( ! is_array( $context ) || empty( $context['sidebar_id'] ) || ! is_registered_sidebar( $context['sidebar_id'] ) ) { return false; } $this->rendering_sidebar_id = $context['sidebar_id']; if ( isset( $context['sidebar_instance_number'] ) ) { $this->context_sidebar_instance_number = (int) $context['sidebar_instance_number']; } // Filter sidebars_widgets so that only the queried widget is in the sidebar. $this->rendering_widget_id = $widget_id; $filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' ); add_filter( 'sidebars_widgets', $filter_callback, 1000 ); // Render the widget. ob_start(); $this->rendering_sidebar_id = $context['sidebar_id']; dynamic_sidebar( $this->rendering_sidebar_id ); $container = ob_get_clean(); // Reset variables for next partial render. remove_filter( 'sidebars_widgets', $filter_callback, 1000 ); $this->context_sidebar_instance_number = null; $this->rendering_sidebar_id = null; $this->rendering_widget_id = null; return $container; } // // Option Update Capturing. // /** * List of captured widget option updates. * * @since 3.9.0 * @var array $_captured_options Values updated while option capture is happening. */ protected $_captured_options = array(); /** * Whether option capture is currently happening. * * @since 3.9.0 * @var bool $_is_current Whether option capture is currently happening or not. */ protected $_is_capturing_option_updates = false; /** * Determines whether the captured option update should be ignored. * * @since 3.9.0 * * @param string $option_name Option name. * @return bool Whether the option capture is ignored. */ protected function is_option_capture_ignored( $option_name ) { return ( str_starts_with( $option_name, '_transient_' ) ); } /** * Retrieves captured widget option updates. * * @since 3.9.0 * * @return array Array of captured options. */ protected function get_captured_options() { return $this->_captured_options; } /** * Retrieves the option that was captured from being saved. * * @since 4.2.0 * * @param string $option_name Option name. * @param mixed $default_value Optional. Default value to return if the option does not exist. Default false. * @return mixed Value set for the option. */ protected function get_captured_option( $option_name, $default_value = false ) { if ( array_key_exists( $option_name, $this->_captured_options ) ) { $value = $this->_captured_options[ $option_name ]; } else { $value = $default_value; } return $value; } /** * Retrieves the number of captured widget option updates. * * @since 3.9.0 * * @return int Number of updated options. */ protected function count_captured_options() { return count( $this->_captured_options ); } /** * Begins keeping track of changes to widget options, caching new values. * * @since 3.9.0 */ protected function start_capturing_option_updates() { if ( $this->_is_capturing_option_updates ) { return; } $this->_is_capturing_option_updates = true; add_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 ); } /** * Pre-filters captured option values before updating. * * @since 3.9.0 * * @param mixed $new_value The new option value. * @param string $option_name Name of the option. * @param mixed $old_value The old option value. * @return mixed Filtered option value. */ public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) { if ( $this->is_option_capture_ignored( $option_name ) ) { return $new_value; } if ( ! isset( $this->_captured_options[ $option_name ] ) ) { add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options[ $option_name ] = $new_value; return $old_value; } /** * Pre-filters captured option values before retrieving. * * @since 3.9.0 * * @param mixed $value Value to return instead of the option value. * @return mixed Filtered option value. */ public function capture_filter_pre_get_option( $value ) { $option_name = preg_replace( '/^pre_option_/', '', current_filter() ); if ( isset( $this->_captured_options[ $option_name ] ) ) { $value = $this->_captured_options[ $option_name ]; /** This filter is documented in wp-includes/option.php */ $value = apply_filters( 'option_' . $option_name, $value, $option_name ); } return $value; } /** * Undoes any changes to the options since options capture began. * * @since 3.9.0 */ protected function stop_capturing_option_updates() { if ( ! $this->_is_capturing_option_updates ) { return; } remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 ); foreach ( array_keys( $this->_captured_options ) as $option_name ) { remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) ); } $this->_captured_options = array(); $this->_is_capturing_option_updates = false; } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function setup_widget_addition_previews() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_sidebars_widgets() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function prepreview_added_widget_instance() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } /** * {@internal Missing Summary} * * See the {@see 'customize_dynamic_setting_args'} filter. * * @since 3.9.0 * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter. */ public function remove_prepreview_filters() { _deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' ); } } HTTP/https-detection-20260605174155.php 0000666 00000013341 15226703613 0012556 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606081222-20260609031312.php 0000666 00000013341 15226703613 0014127 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr18Client-20260605071446.php 0000666 00000010537 15226703613 0011517 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-migration-20260605183217.php 0000666 00000011205 15226703613 0012565 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606015631-20260606091629.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605172018-20260607122758.php 0000666 00000011205 15226703613 0014157 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606002503-20260607042955.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605114058.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260607154209-20260609165700.php 0000666 00000013341 15226703613 0014147 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605101013-20260606182240.php 0000666 00000011205 15226703613 0014131 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-encoding-20260605063336.php 0000666 00000015041 15226703613 0013727 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/https-migration-20260607022644-20260608161548.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605183333.php 0000666 00000011205 15226703613 0012564 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605135401-20260608195603.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605213309-20260607230503.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605113855-20260610082645.php 0000666 00000013341 15226703613 0014145 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605220934.php 0000666 00000011205 15226703613 0012563 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606042005-20260615075156.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606030233-20260608131625.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/ClientException.php 0000666 00000000515 15226703613 0011143 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use SimplePie\Exception as SimplePieException; /** * Client exception class * * @internal */ final class ClientException extends SimplePieException { } HTTP/https-detection-20260605165643-20260606204827.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-http-20260605041107.php 0000666 00000121142 15226703613 0012133 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/Exception-20260605053430.php 0000666 00000000543 15226703613 0011366 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use Exception as NativeException; /** * General SimplePie exception class */ class Exception extends NativeException { } class_alias('SimplePie\Exception', 'SimplePie_Exception'); HTTP/https-detection-20260606083005-20260615141035.php 0000666 00000013341 15226703613 0014131 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Gzdecode.php 0000666 00000020500 15226703613 0007566 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; /** * Decode 'gzip' encoded HTTP data * * @link http://www.gzip.org/format.txt * @link https://www.php.net/manual/en/function.gzdecode.php * @deprecated since SimplePie 1.9.0, use `gzdecode` function instead. */ class Gzdecode { /** * Compressed data * * @access private * @var string * @see gzdecode::$data */ public $compressed_data; /** * Size of compressed data * * @access private * @var int */ public $compressed_size; /** * Minimum size of a valid gzip string * * @access private * @var int */ public $min_compressed_size = 18; /** * Current position of pointer * * @access private * @var int */ public $position = 0; /** * Flags (FLG) * * @access private * @var int */ public $flags; /** * Uncompressed data * * @access public * @see gzdecode::$compressed_data * @var string */ public $data; /** * Modified time * * @access public * @var int */ public $MTIME; /** * Extra Flags * * @access public * @var int */ public $XFL; /** * Operating System * * @access public * @var int */ public $OS; /** * Subfield ID 1 * * @access public * @see gzdecode::$extra_field * @see gzdecode::$SI2 * @var string */ public $SI1; /** * Subfield ID 2 * * @access public * @see gzdecode::$extra_field * @see gzdecode::$SI1 * @var string */ public $SI2; /** * Extra field content * * @access public * @see gzdecode::$SI1 * @see gzdecode::$SI2 * @var string */ public $extra_field; /** * Original filename * * @access public * @var string */ public $filename; /** * Human readable comment * * @access public * @var string */ public $comment; /** * Don't allow anything to be set * * @param string $name * @param mixed $value */ public function __set(string $name, $value) { throw new Exception("Cannot write property $name"); } /** * Set the compressed string and related properties * * @param string $data */ public function __construct(string $data) { $this->compressed_data = $data; $this->compressed_size = strlen($data); } /** * Decode the GZIP stream * * @return bool Successfulness */ public function parse() { if ($this->compressed_size >= $this->min_compressed_size) { $len = 0; // Check ID1, ID2, and CM if (substr($this->compressed_data, 0, 3) !== "\x1F\x8B\x08") { return false; } // Get the FLG (FLaGs) $this->flags = ord($this->compressed_data[3]); // FLG bits above (1 << 4) are reserved if ($this->flags > 0x1F) { return false; } // Advance the pointer after the above $this->position += 4; // MTIME $mtime = substr($this->compressed_data, $this->position, 4); // Reverse the string if we're on a big-endian arch because l is the only signed long and is machine endianness if (current((array) unpack('S', "\x00\x01")) === 1) { $mtime = strrev($mtime); } $this->MTIME = current((array) unpack('l', $mtime)); $this->position += 4; // Get the XFL (eXtra FLags) $this->XFL = ord($this->compressed_data[$this->position++]); // Get the OS (Operating System) $this->OS = ord($this->compressed_data[$this->position++]); // Parse the FEXTRA if ($this->flags & 4) { // Read subfield IDs $this->SI1 = $this->compressed_data[$this->position++]; $this->SI2 = $this->compressed_data[$this->position++]; // SI2 set to zero is reserved for future use if ($this->SI2 === "\x00") { return false; } // Get the length of the extra field $len = current((array) unpack('v', substr($this->compressed_data, $this->position, 2))); $this->position += 2; // Check the length of the string is still valid $this->min_compressed_size += $len + 4; if ($this->compressed_size >= $this->min_compressed_size) { // Set the extra field to the given data $this->extra_field = substr($this->compressed_data, $this->position, $len); $this->position += $len; } else { return false; } } // Parse the FNAME if ($this->flags & 8) { // Get the length of the filename $len = strcspn($this->compressed_data, "\x00", $this->position); // Check the length of the string is still valid $this->min_compressed_size += $len + 1; if ($this->compressed_size >= $this->min_compressed_size) { // Set the original filename to the given string $this->filename = substr($this->compressed_data, $this->position, $len); $this->position += $len + 1; } else { return false; } } // Parse the FCOMMENT if ($this->flags & 16) { // Get the length of the comment $len = strcspn($this->compressed_data, "\x00", $this->position); // Check the length of the string is still valid $this->min_compressed_size += $len + 1; if ($this->compressed_size >= $this->min_compressed_size) { // Set the original comment to the given string $this->comment = substr($this->compressed_data, $this->position, $len); $this->position += $len + 1; } else { return false; } } // Parse the FHCRC if ($this->flags & 2) { // Check the length of the string is still valid $this->min_compressed_size += $len + 2; if ($this->compressed_size >= $this->min_compressed_size) { // Read the CRC $crc = current((array) unpack('v', substr($this->compressed_data, $this->position, 2))); // Check the CRC matches if ((crc32(substr($this->compressed_data, 0, $this->position)) & 0xFFFF) === $crc) { $this->position += 2; } else { return false; } } else { return false; } } // Decompress the actual data if (($data = gzinflate(substr($this->compressed_data, $this->position, -8))) === false) { return false; } $this->data = $data; $this->position = $this->compressed_size - 8; // Check CRC of data $crc = current((array) unpack('V', substr($this->compressed_data, $this->position, 4))); $this->position += 4; /*if (extension_loaded('hash') && sprintf('%u', current(unpack('V', hash('crc32b', $this->data)))) !== sprintf('%u', $crc)) { return false; }*/ // Check ISIZE of data $isize = current((array) unpack('V', substr($this->compressed_data, $this->position, 4))); $this->position += 4; if (sprintf('%u', strlen($this->data) & 0xFFFFFFFF) !== sprintf('%u', $isize)) { return false; } // Wow, against all odds, we've actually got a valid gzip string return true; } return false; } } class_alias('SimplePie\Gzdecode', 'SimplePie_gzdecode'); HTTP/https-detection-20260605221155-20260608142733.php 0000666 00000013341 15226703613 0014140 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605171915.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606083005.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605140327-20260609173732.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-20260605061707.php 0000666 00000121142 15226703613 0012143 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-migration-20260608190617-20260610104140.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/block-editor-20260605082653.php 0000666 00000071142 15226703613 0012022 0 ustar 00 <?php /** * Block Editor API. * * @package WordPress * @subpackage Editor * @since 5.8.0 */ /** * Returns the list of default categories for block types. * * @since 5.8.0 * @since 6.3.0 Reusable Blocks renamed to Patterns. * * @return array[] Array of categories for block types. */ function get_default_block_categories() { return array( array( 'slug' => 'text', 'title' => _x( 'Text', 'block category' ), 'icon' => null, ), array( 'slug' => 'media', 'title' => _x( 'Media', 'block category' ), 'icon' => null, ), array( 'slug' => 'design', 'title' => _x( 'Design', 'block category' ), 'icon' => null, ), array( 'slug' => 'widgets', 'title' => _x( 'Widgets', 'block category' ), 'icon' => null, ), array( 'slug' => 'theme', 'title' => _x( 'Theme', 'block category' ), 'icon' => null, ), array( 'slug' => 'embed', 'title' => _x( 'Embeds', 'block category' ), 'icon' => null, ), array( 'slug' => 'reusable', 'title' => _x( 'Patterns', 'block category' ), 'icon' => null, ), ); } /** * Returns all the categories for block types that will be shown in the block editor. * * @since 5.0.0 * @since 5.8.0 It is possible to pass the block editor context as param. * * @param WP_Post|WP_Block_Editor_Context $post_or_block_editor_context The current post object or * the block editor context. * * @return array[] Array of categories for block types. */ function get_block_categories( $post_or_block_editor_context ) { $block_categories = get_default_block_categories(); $block_editor_context = $post_or_block_editor_context instanceof WP_Post ? new WP_Block_Editor_Context( array( 'post' => $post_or_block_editor_context, ) ) : $post_or_block_editor_context; /** * Filters the default array of categories for block types. * * @since 5.8.0 * * @param array[] $block_categories Array of categories for block types. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $block_categories = apply_filters( 'block_categories_all', $block_categories, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the default array of categories for block types. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_categories_all'} filter instead. * * @param array[] $block_categories Array of categories for block types. * @param WP_Post $post Post being loaded. */ $block_categories = apply_filters_deprecated( 'block_categories', array( $block_categories, $post ), '5.8.0', 'block_categories_all' ); } return $block_categories; } /** * Gets the list of allowed block types to use in the block editor. * * @since 5.8.0 * * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return bool|string[] Array of block type slugs, or boolean to enable/disable all. */ function get_allowed_block_types( $block_editor_context ) { $allowed_block_types = true; /** * Filters the allowed block types for all editor types. * * @since 5.8.0 * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported). * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $allowed_block_types = apply_filters( 'allowed_block_types_all', $allowed_block_types, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the allowed block types for the editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'allowed_block_types_all'} filter instead. * * @param bool|string[] $allowed_block_types Array of block type slugs, or boolean to enable/disable all. * Default true (all registered block types supported) * @param WP_Post $post The post resource data. */ $allowed_block_types = apply_filters_deprecated( 'allowed_block_types', array( $allowed_block_types, $post ), '5.8.0', 'allowed_block_types_all' ); } return $allowed_block_types; } /** * Returns the default block editor settings. * * @since 5.8.0 * * @return array The default block editor settings. */ function get_default_block_editor_settings() { // Media settings. // wp_max_upload_size() can be expensive, so only call it when relevant for the current user. $max_upload_size = 0; if ( current_user_can( 'upload_files' ) ) { $max_upload_size = wp_max_upload_size(); if ( ! $max_upload_size ) { $max_upload_size = 0; } } /** This filter is documented in wp-admin/includes/media.php */ $image_size_names = apply_filters( 'image_size_names_choose', array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ) ); $available_image_sizes = array(); foreach ( $image_size_names as $image_size_slug => $image_size_name ) { $available_image_sizes[] = array( 'slug' => $image_size_slug, 'name' => $image_size_name, ); } $default_size = get_option( 'image_default_size', 'large' ); $image_default_size = in_array( $default_size, array_keys( $image_size_names ), true ) ? $default_size : 'large'; $image_dimensions = array(); $all_sizes = wp_get_registered_image_subsizes(); foreach ( $available_image_sizes as $size ) { $key = $size['slug']; if ( isset( $all_sizes[ $key ] ) ) { $image_dimensions[ $key ] = $all_sizes[ $key ]; } } // These styles are used if the "no theme styles" options is triggered or on // themes without their own editor styles. $default_editor_styles_file = ABSPATH . WPINC . '/css/dist/block-editor/default-editor-styles.css'; static $default_editor_styles_file_contents = false; if ( ! $default_editor_styles_file_contents && file_exists( $default_editor_styles_file ) ) { $default_editor_styles_file_contents = file_get_contents( $default_editor_styles_file ); } $default_editor_styles = array(); if ( $default_editor_styles_file_contents ) { $default_editor_styles = array( array( 'css' => $default_editor_styles_file_contents ), ); } $editor_settings = array( 'alignWide' => get_theme_support( 'align-wide' ), 'allowedBlockTypes' => true, 'allowedMimeTypes' => get_allowed_mime_types(), 'defaultEditorStyles' => $default_editor_styles, 'blockCategories' => get_default_block_categories(), 'isRTL' => is_rtl(), 'imageDefaultSize' => $image_default_size, 'imageDimensions' => $image_dimensions, 'imageEditing' => true, 'imageSizes' => $available_image_sizes, 'maxUploadFileSize' => $max_upload_size, '__experimentalDashboardLink' => admin_url( '/' ), // The following flag is required to enable the new Gallery block format on the mobile apps in 5.9. '__unstableGalleryWithImageBlocks' => true, ); $theme_settings = get_classic_theme_supports_block_editor_settings(); foreach ( $theme_settings as $key => $value ) { $editor_settings[ $key ] = $value; } return $editor_settings; } /** * Returns the block editor settings needed to use the Legacy Widget block which * is not registered by default. * * @since 5.8.0 * * @return array Settings to be used with get_block_editor_settings(). */ function get_legacy_widget_block_editor_settings() { $editor_settings = array(); /** * Filters the list of widget-type IDs that should **not** be offered by the * Legacy Widget block. * * Returning an empty array will make all widgets available. * * @since 5.8.0 * * @param string[] $widgets An array of excluded widget-type IDs. */ $editor_settings['widgetTypesToHideFromLegacyWidgetBlock'] = apply_filters( 'widget_types_to_hide_from_legacy_widget_block', array( 'pages', 'calendar', 'archives', 'media_audio', 'media_image', 'media_gallery', 'media_video', 'search', 'text', 'categories', 'recent-posts', 'recent-comments', 'rss', 'tag_cloud', 'custom_html', 'block', ) ); return $editor_settings; } /** * Collect the block editor assets that need to be loaded into the editor's iframe. * * @since 6.0.0 * @access private * * @global WP_Styles $wp_styles The WP_Styles current instance. * @global WP_Scripts $wp_scripts The WP_Scripts current instance. * * @return array { * The block editor assets. * * @type string|false $styles String containing the HTML for styles. * @type string|false $scripts String containing the HTML for scripts. * } */ function _wp_get_iframed_editor_assets() { global $wp_styles, $wp_scripts; // Keep track of the styles and scripts instance to restore later. $current_wp_styles = $wp_styles; $current_wp_scripts = $wp_scripts; // Create new instances to collect the assets. $wp_styles = new WP_Styles(); $wp_scripts = new WP_Scripts(); /* * Register all currently registered styles and scripts. The actions that * follow enqueue assets, but don't necessarily register them. */ $wp_styles->registered = $current_wp_styles->registered; $wp_scripts->registered = $current_wp_scripts->registered; /* * We generally do not need reset styles for the iframed editor. * However, if it's a classic theme, margins will be added to every block, * which is reset specifically for list items, so classic themes rely on * these reset styles. */ $wp_styles->done = wp_theme_has_theme_json() ? array( 'wp-reset-editor-styles' ) : array(); wp_enqueue_script( 'wp-polyfill' ); // Enqueue the `editorStyle` handles for all core block, and dependencies. wp_enqueue_style( 'wp-edit-blocks' ); if ( current_theme_supports( 'wp-block-styles' ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /* * We don't want to load EDITOR scripts in the iframe, only enqueue * front-end assets for the content. */ add_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); do_action( 'enqueue_block_assets' ); remove_filter( 'should_load_block_editor_scripts_and_styles', '__return_false' ); $block_registry = WP_Block_Type_Registry::get_instance(); /* * Additionally, do enqueue `editorStyle` assets for all blocks, which * contains editor-only styling for blocks (editor content). */ foreach ( $block_registry->get_all_registered() as $block_type ) { if ( isset( $block_type->editor_style_handles ) && is_array( $block_type->editor_style_handles ) ) { foreach ( $block_type->editor_style_handles as $style_handle ) { wp_enqueue_style( $style_handle ); } } } /** * Remove the deprecated `print_emoji_styles` handler. * It avoids breaking style generation with a deprecation message. */ $has_emoji_styles = has_action( 'wp_print_styles', 'print_emoji_styles' ); if ( $has_emoji_styles ) { remove_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_styles(); wp_print_font_faces(); wp_print_font_faces_from_style_variations(); $styles = ob_get_clean(); if ( $has_emoji_styles ) { add_action( 'wp_print_styles', 'print_emoji_styles' ); } ob_start(); wp_print_head_scripts(); wp_print_footer_scripts(); $scripts = ob_get_clean(); // Restore the original instances. $wp_styles = $current_wp_styles; $wp_scripts = $current_wp_scripts; return array( 'styles' => $styles, 'scripts' => $scripts, ); } /** * Finds the first occurrence of a specific block in an array of blocks. * * @since 6.3.0 * * @param array $blocks Array of blocks. * @param string $block_name Name of the block to find. * @return array Found block, or empty array if none found. */ function wp_get_first_block( $blocks, $block_name ) { foreach ( $blocks as $block ) { if ( $block_name === $block['blockName'] ) { return $block; } if ( ! empty( $block['innerBlocks'] ) ) { $found_block = wp_get_first_block( $block['innerBlocks'], $block_name ); if ( ! empty( $found_block ) ) { return $found_block; } } } return array(); } /** * Retrieves Post Content block attributes from the current post template. * * @since 6.3.0 * @since 6.4.0 Return null if there is no post content block. * @access private * * @global int $post_ID * * @return array|null Post Content block attributes array or null if Post Content block doesn't exist. */ function wp_get_post_content_block_attributes() { global $post_ID; $is_block_theme = wp_is_block_theme(); if ( ! $is_block_theme || ! $post_ID ) { return null; } $template_slug = get_page_template_slug( $post_ID ); if ( ! $template_slug ) { $post_slug = 'singular'; $page_slug = 'singular'; $template_types = get_block_templates(); foreach ( $template_types as $template_type ) { if ( 'page' === $template_type->slug ) { $page_slug = 'page'; } if ( 'single' === $template_type->slug ) { $post_slug = 'single'; } } $what_post_type = get_post_type( $post_ID ); switch ( $what_post_type ) { case 'page': $template_slug = $page_slug; break; default: $template_slug = $post_slug; break; } } $current_template = get_block_templates( array( 'slug__in' => array( $template_slug ) ) ); if ( ! empty( $current_template ) ) { $template_blocks = parse_blocks( $current_template[0]->content ); $post_content_block = wp_get_first_block( $template_blocks, 'core/post-content' ); if ( isset( $post_content_block['attrs'] ) ) { return $post_content_block['attrs']; } } return null; } /** * Returns the contextualized block editor settings for a selected editor context. * * @since 5.8.0 * * @param array $custom_settings Custom settings to use with the given editor type. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. * * @return array The contextualized block editor settings. */ function get_block_editor_settings( array $custom_settings, $block_editor_context ) { $editor_settings = array_merge( get_default_block_editor_settings(), array( 'allowedBlockTypes' => get_allowed_block_types( $block_editor_context ), 'blockCategories' => get_block_categories( $block_editor_context ), ), $custom_settings ); $editor_settings['__experimentalBlockBindingsSupportedAttributes'] = array(); foreach ( array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() ) as $block_type ) { $supported_block_attributes = get_block_bindings_supported_attributes( $block_type ); if ( ! empty( $supported_block_attributes ) ) { $editor_settings['__experimentalBlockBindingsSupportedAttributes'][ $block_type ] = $supported_block_attributes; } } $global_styles = array(); $presets = array( array( 'css' => 'variables', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), array( 'css' => 'presets', '__unstableType' => 'presets', 'isGlobalStyles' => true, ), ); foreach ( $presets as $preset_style ) { $actual_css = wp_get_global_stylesheet( array( $preset_style['css'] ) ); if ( '' !== $actual_css ) { $preset_style['css'] = $actual_css; $global_styles[] = $preset_style; } } if ( wp_theme_has_theme_json() ) { $block_classes = array( 'css' => 'styles', '__unstableType' => 'theme', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } /* * Add the custom CSS as a separate stylesheet so any invalid CSS * entered by users does not break other global styles. */ $global_styles[] = array( 'css' => wp_get_global_stylesheet( array( 'custom-css' ) ), '__unstableType' => 'user', 'isGlobalStyles' => true, ); } else { // If there is no `theme.json` file, ensure base layout styles are still available. $block_classes = array( 'css' => 'base-layout-styles', '__unstableType' => 'base-layout', 'isGlobalStyles' => true, ); $actual_css = wp_get_global_stylesheet( array( $block_classes['css'] ) ); if ( '' !== $actual_css ) { $block_classes['css'] = $actual_css; $global_styles[] = $block_classes; } } $editor_settings['styles'] = array_merge( $global_styles, get_block_editor_theme_styles() ); $editor_settings['__experimentalFeatures'] = wp_get_global_settings(); // These settings may need to be updated based on data coming from theme.json sources. if ( isset( $editor_settings['__experimentalFeatures']['color']['palette'] ) ) { $colors_by_origin = $editor_settings['__experimentalFeatures']['color']['palette']; $editor_settings['colors'] = isset( $colors_by_origin['custom'] ) ? $colors_by_origin['custom'] : ( isset( $colors_by_origin['theme'] ) ? $colors_by_origin['theme'] : $colors_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['gradients'] ) ) { $gradients_by_origin = $editor_settings['__experimentalFeatures']['color']['gradients']; $editor_settings['gradients'] = isset( $gradients_by_origin['custom'] ) ? $gradients_by_origin['custom'] : ( isset( $gradients_by_origin['theme'] ) ? $gradients_by_origin['theme'] : $gradients_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['fontSizes'] ) ) { $font_sizes_by_origin = $editor_settings['__experimentalFeatures']['typography']['fontSizes']; $editor_settings['fontSizes'] = isset( $font_sizes_by_origin['custom'] ) ? $font_sizes_by_origin['custom'] : ( isset( $font_sizes_by_origin['theme'] ) ? $font_sizes_by_origin['theme'] : $font_sizes_by_origin['default'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['custom'] ) ) { $editor_settings['disableCustomColors'] = ! $editor_settings['__experimentalFeatures']['color']['custom']; unset( $editor_settings['__experimentalFeatures']['color']['custom'] ); } if ( isset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ) ) { $editor_settings['disableCustomGradients'] = ! $editor_settings['__experimentalFeatures']['color']['customGradient']; unset( $editor_settings['__experimentalFeatures']['color']['customGradient'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ) ) { $editor_settings['disableCustomFontSizes'] = ! $editor_settings['__experimentalFeatures']['typography']['customFontSize']; unset( $editor_settings['__experimentalFeatures']['typography']['customFontSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ) ) { $editor_settings['enableCustomLineHeight'] = $editor_settings['__experimentalFeatures']['typography']['lineHeight']; unset( $editor_settings['__experimentalFeatures']['typography']['lineHeight'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['units'] ) ) { $editor_settings['enableCustomUnits'] = $editor_settings['__experimentalFeatures']['spacing']['units']; unset( $editor_settings['__experimentalFeatures']['spacing']['units'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ) ) { $editor_settings['enableCustomSpacing'] = $editor_settings['__experimentalFeatures']['spacing']['padding']; unset( $editor_settings['__experimentalFeatures']['spacing']['padding'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ) ) { $editor_settings['disableCustomSpacingSizes'] = ! $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize']; unset( $editor_settings['__experimentalFeatures']['spacing']['customSpacingSize'] ); } if ( isset( $editor_settings['__experimentalFeatures']['spacing']['spacingSizes'] ) ) { $spacing_sizes_by_origin = $editor_settings['__experimentalFeatures']['spacing']['spacingSizes']; $editor_settings['spacingSizes'] = isset( $spacing_sizes_by_origin['custom'] ) ? $spacing_sizes_by_origin['custom'] : ( isset( $spacing_sizes_by_origin['theme'] ) ? $spacing_sizes_by_origin['theme'] : $spacing_sizes_by_origin['default'] ); } $editor_settings['__unstableResolvedAssets'] = _wp_get_iframed_editor_assets(); $editor_settings['__unstableIsBlockBasedTheme'] = wp_is_block_theme(); $editor_settings['localAutosaveInterval'] = 15; $editor_settings['disableLayoutStyles'] = current_theme_supports( 'disable-layout-styles' ); $editor_settings['__experimentalDiscussionSettings'] = array( 'commentOrder' => get_option( 'comment_order' ), 'commentsPerPage' => get_option( 'comments_per_page' ), 'defaultCommentsPage' => get_option( 'default_comments_page' ), 'pageComments' => get_option( 'page_comments' ), 'threadComments' => get_option( 'thread_comments' ), 'threadCommentsDepth' => get_option( 'thread_comments_depth' ), 'defaultCommentStatus' => get_option( 'default_comment_status' ), 'avatarURL' => get_avatar_url( '', array( 'size' => 96, 'force_default' => true, 'default' => get_option( 'avatar_default' ), ) ), ); $post_content_block_attributes = wp_get_post_content_block_attributes(); if ( isset( $post_content_block_attributes ) ) { $editor_settings['postContentAttributes'] = $post_content_block_attributes; } $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context ); /** * Filters the settings to pass to the block editor for all editor type. * * @since 5.8.0 * * @param array $editor_settings Default editor settings. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $editor_settings = apply_filters( 'block_editor_settings_all', $editor_settings, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $post = $block_editor_context->post; /** * Filters the settings to pass to the block editor. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_settings_all'} filter instead. * * @param array $editor_settings Default editor settings. * @param WP_Post $post Post being edited. */ $editor_settings = apply_filters_deprecated( 'block_editor_settings', array( $editor_settings, $post ), '5.8.0', 'block_editor_settings_all' ); } return $editor_settings; } /** * Preloads common data used with the block editor by specifying an array of * REST API paths that will be preloaded for a given block editor context. * * @since 5.8.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts. * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param (string|string[])[] $preload_paths List of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ function block_editor_rest_api_preload( array $preload_paths, $block_editor_context ) { global $post, $wp_scripts, $wp_styles; /** * Filters the array of REST API paths that will be used to preloaded common data for the block editor. * * @since 5.8.0 * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Block_Editor_Context $block_editor_context The current block editor context. */ $preload_paths = apply_filters( 'block_editor_rest_api_preload_paths', $preload_paths, $block_editor_context ); if ( ! empty( $block_editor_context->post ) ) { $selected_post = $block_editor_context->post; /** * Filters the array of paths that will be preloaded. * * Preload common data by specifying an array of REST API paths that will be preloaded. * * @since 5.0.0 * @deprecated 5.8.0 Use the {@see 'block_editor_rest_api_preload_paths'} filter instead. * * @param (string|string[])[] $preload_paths Array of paths to preload. * @param WP_Post $selected_post Post being edited. */ $preload_paths = apply_filters_deprecated( 'block_editor_preload_paths', array( $preload_paths, $selected_post ), '5.8.0', 'block_editor_rest_api_preload_paths' ); } if ( empty( $preload_paths ) ) { return; } /* * Ensure the global $post, $wp_scripts, and $wp_styles remain the same after * API data is preloaded. * Because API preloading can call the_content and other filters, plugins * can unexpectedly modify the global $post or enqueue assets which are not * intended for the block editor. */ $backup_global_post = ! empty( $post ) ? clone $post : $post; $backup_wp_scripts = ! empty( $wp_scripts ) ? clone $wp_scripts : $wp_scripts; $backup_wp_styles = ! empty( $wp_styles ) ? clone $wp_styles : $wp_styles; foreach ( $preload_paths as &$path ) { if ( is_string( $path ) && ! str_starts_with( $path, '/' ) ) { $path = '/' . $path; continue; } if ( is_array( $path ) && is_string( $path[0] ) && ! str_starts_with( $path[0], '/' ) ) { $path[0] = '/' . $path[0]; } } unset( $path ); $preload_data = array_reduce( $preload_paths, 'rest_preload_api_request', array() ); // Restore the global $post, $wp_scripts, and $wp_styles as they were before API preloading. $post = $backup_global_post; $wp_scripts = $backup_wp_scripts; $wp_styles = $backup_wp_styles; wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );', wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Creates an array of theme styles to load into the block editor. * * @since 5.8.0 * * @global array $editor_styles * * @return array An array of theme styles for the block editor. */ function get_block_editor_theme_styles() { global $editor_styles; $styles = array(); if ( $editor_styles && current_theme_supports( 'editor-styles' ) ) { foreach ( $editor_styles as $style ) { if ( preg_match( '~^(https?:)?//~', $style ) ) { $response = wp_remote_get( $style ); if ( ! is_wp_error( $response ) ) { $styles[] = array( 'css' => wp_remote_retrieve_body( $response ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } else { $file = get_theme_file_path( $style ); if ( is_file( $file ) ) { $styles[] = array( 'css' => file_get_contents( $file ), 'baseURL' => get_theme_file_uri( $style ), '__unstableType' => 'theme', 'isGlobalStyles' => false, ); } } } } return $styles; } /** * Returns the classic theme supports settings for block editor. * * @since 6.2.0 * @since 6.6.0 Add support for 'editor-spacing-sizes' theme support. * * @return array The classic theme supports settings. */ function get_classic_theme_supports_block_editor_settings() { $theme_settings = array( 'disableCustomColors' => get_theme_support( 'disable-custom-colors' ), 'disableCustomFontSizes' => get_theme_support( 'disable-custom-font-sizes' ), 'disableCustomGradients' => get_theme_support( 'disable-custom-gradients' ), 'disableLayoutStyles' => get_theme_support( 'disable-layout-styles' ), 'enableCustomLineHeight' => get_theme_support( 'custom-line-height' ), 'enableCustomSpacing' => get_theme_support( 'custom-spacing' ), 'enableCustomUnits' => get_theme_support( 'custom-units' ), ); // Theme settings. $color_palette = current( (array) get_theme_support( 'editor-color-palette' ) ); if ( false !== $color_palette ) { $theme_settings['colors'] = $color_palette; } $font_sizes = current( (array) get_theme_support( 'editor-font-sizes' ) ); if ( false !== $font_sizes ) { $theme_settings['fontSizes'] = $font_sizes; } $gradient_presets = current( (array) get_theme_support( 'editor-gradient-presets' ) ); if ( false !== $gradient_presets ) { $theme_settings['gradients'] = $gradient_presets; } $spacing_sizes = current( (array) get_theme_support( 'editor-spacing-sizes' ) ); if ( false !== $spacing_sizes ) { $theme_settings['spacingSizes'] = $spacing_sizes; } return $theme_settings; } /** * Initialize site preview. * * This function sets IFRAME_REQUEST to true if the site preview parameter is set. * * @since 6.8.0 */ function wp_initialize_site_preview_hooks() { if ( ! defined( 'IFRAME_REQUEST' ) && isset( $_GET['wp_site_preview'] ) && 1 === (int) $_GET['wp_site_preview'] && current_user_can( 'edit_theme_options' ) ) { define( 'IFRAME_REQUEST', true ); } } HTTP/https-detection-20260605172218-20260609120427.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/plugin-20260605082339.php 0000666 00000107225 15226703613 0010745 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/https-detection-20260605221155.php 0000666 00000013341 15226703613 0012547 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605222822-20260608163556.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260606062352.php 0000666 00000013341 15226703613 0012552 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605125228-20260608113725.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605151244.php 0000666 00000013341 15226703613 0012550 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-theme-json-20260605064104.php 0000666 00000500773 15226703613 0013242 0 ustar 00 <?php /** * WP_Theme_JSON class * * @package WordPress * @subpackage Theme * @since 5.8.0 */ /** * Class that encapsulates the processing of structures that adhere to the theme.json spec. * * This class is for internal core usage and is not supposed to be used by extenders (plugins and/or themes). * This is a low-level API that may need to do breaking changes. Please, * use get_global_settings, get_global_styles, and get_global_stylesheet instead. * * @access private */ #[AllowDynamicProperties] class WP_Theme_JSON { /** * Container of data in theme.json format. * * @since 5.8.0 * @var array */ protected $theme_json = null; /** * Holds block metadata extracted from block.json * to be shared among all instances so we don't * process it twice. * * @since 5.8.0 * @since 6.1.0 Initialize as an empty array. * @var array */ protected static $blocks_metadata = array(); /** * The CSS selector for the top-level preset settings. * * @since 6.6.0 * @var string */ const ROOT_CSS_PROPERTIES_SELECTOR = ':root'; /** * The CSS selector for the top-level styles. * * @since 5.8.0 * @var string */ const ROOT_BLOCK_SELECTOR = 'body'; /** * The sources of data this object can represent. * * @since 5.8.0 * @since 6.1.0 Added 'blocks'. * @var string[] */ const VALID_ORIGINS = array( 'default', 'blocks', 'theme', 'custom', ); /** * Presets are a set of values that serve * to bootstrap some styles: colors, font sizes, etc. * * They are a unkeyed array of values such as: * * array( * array( * 'slug' => 'unique-name-within-the-set', * 'name' => 'Name for the UI', * <value_key> => 'value' * ), * ) * * This contains the necessary metadata to process them: * * - path => Where to find the preset within the settings section. * - prevent_override => Disables override of default presets by theme presets. * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults by setting this false. * - use_default_names => whether to use the default names * - value_key => the key that represents the value * - value_func => optionally, instead of value_key, a function to generate * the value that takes a preset as an argument * (either value_key or value_func should be present) * - css_vars => template string to use in generating the CSS Custom Property. * Example output: "--wp--preset--duotone--blue: <value>" will generate as many CSS Custom Properties as presets defined * substituting the $slug for the slug's value for each preset value. * - classes => array containing a structure with the classes to * generate for the presets, where for each array item * the key is the class name and the value the property name. * The "$slug" substring will be replaced by the slug of each preset. * For example: * 'classes' => array( * '.has-$slug-color' => 'color', * '.has-$slug-background-color' => 'background-color', * '.has-$slug-border-color' => 'border-color', * ) * - properties => array of CSS properties to be used by kses to * validate the content of each preset * by means of the remove_insecure_properties method. * * @since 5.8.0 * @since 5.9.0 Added the `color.duotone` and `typography.fontFamilies` presets, * `use_default_names` preset key, and simplified the metadata structure. * @since 6.0.0 Replaced `override` with `prevent_override` and updated the * `prevent_override` value for `color.duotone` to use `color.defaultDuotone`. * @since 6.2.0 Added 'shadow' presets. * @since 6.3.0 Replaced value_func for duotone with `null`. Custom properties are handled by class-wp-duotone.php. * @since 6.6.0 Added the `dimensions.aspectRatios` and `dimensions.defaultAspectRatios` presets. * Updated the 'prevent_override' value for font size presets to use 'typography.defaultFontSizes' * and spacing size presets to use `spacing.defaultSpacingSizes`. * @since 6.9.0 Added `border.radiusSizes`. * @var array */ const PRESETS_METADATA = array( array( 'path' => array( 'dimensions', 'aspectRatios' ), 'prevent_override' => array( 'dimensions', 'defaultAspectRatios' ), 'use_default_names' => false, 'value_key' => 'ratio', 'css_vars' => '--wp--preset--aspect-ratio--$slug', 'classes' => array(), 'properties' => array( 'aspect-ratio' ), ), array( 'path' => array( 'color', 'palette' ), 'prevent_override' => array( 'color', 'defaultPalette' ), 'use_default_names' => false, 'value_key' => 'color', 'css_vars' => '--wp--preset--color--$slug', 'classes' => array( '.has-$slug-color' => 'color', '.has-$slug-background-color' => 'background-color', '.has-$slug-border-color' => 'border-color', ), 'properties' => array( 'color', 'background-color', 'border-color' ), ), array( 'path' => array( 'color', 'gradients' ), 'prevent_override' => array( 'color', 'defaultGradients' ), 'use_default_names' => false, 'value_key' => 'gradient', 'css_vars' => '--wp--preset--gradient--$slug', 'classes' => array( '.has-$slug-gradient-background' => 'background' ), 'properties' => array( 'background' ), ), array( 'path' => array( 'color', 'duotone' ), 'prevent_override' => array( 'color', 'defaultDuotone' ), 'use_default_names' => false, 'value_func' => null, // CSS Custom Properties for duotone are handled by block supports in class-wp-duotone.php. 'css_vars' => null, 'classes' => array(), 'properties' => array( 'filter' ), ), array( 'path' => array( 'typography', 'fontSizes' ), 'prevent_override' => array( 'typography', 'defaultFontSizes' ), 'use_default_names' => true, 'value_func' => 'wp_get_typography_font_size_value', 'css_vars' => '--wp--preset--font-size--$slug', 'classes' => array( '.has-$slug-font-size' => 'font-size' ), 'properties' => array( 'font-size' ), ), array( 'path' => array( 'typography', 'fontFamilies' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'fontFamily', 'css_vars' => '--wp--preset--font-family--$slug', 'classes' => array( '.has-$slug-font-family' => 'font-family' ), 'properties' => array( 'font-family' ), ), array( 'path' => array( 'spacing', 'spacingSizes' ), 'prevent_override' => array( 'spacing', 'defaultSpacingSizes' ), 'use_default_names' => true, 'value_key' => 'size', 'css_vars' => '--wp--preset--spacing--$slug', 'classes' => array(), 'properties' => array( 'padding', 'margin' ), ), array( 'path' => array( 'shadow', 'presets' ), 'prevent_override' => array( 'shadow', 'defaultPresets' ), 'use_default_names' => false, 'value_key' => 'shadow', 'css_vars' => '--wp--preset--shadow--$slug', 'classes' => array(), 'properties' => array( 'box-shadow' ), ), array( 'path' => array( 'border', 'radiusSizes' ), 'prevent_override' => false, 'use_default_names' => false, 'value_key' => 'size', 'css_vars' => '--wp--preset--border-radius--$slug', 'classes' => array(), 'properties' => array( 'border-radius' ), ), ); /** * Metadata for style properties. * * Each element is a direct mapping from the CSS property name to the * path to the value in theme.json & block attributes. * * @since 5.8.0 * @since 5.9.0 Added the `border-*`, `font-family`, `font-style`, `font-weight`, * `letter-spacing`, `margin-*`, `padding-*`, `--wp--style--block-gap`, * `text-decoration`, `text-transform`, and `filter` properties, * simplified the metadata structure. * @since 6.1.0 Added the `border-*-color`, `border-*-width`, `border-*-style`, * `--wp--style--root--padding-*`, and `box-shadow` properties, * removed the `--wp--style--block-gap` property. * @since 6.2.0 Added `outline-*`, and `min-height` properties. * @since 6.3.0 Added `column-count` property. * @since 6.4.0 Added `writing-mode` property. * @since 6.5.0 Added `aspect-ratio` property. * @since 6.6.0 Added `background-[image|position|repeat|size]` properties. * @since 6.7.0 Added `background-attachment` property. * @var array */ const PROPERTIES_METADATA = array( 'aspect-ratio' => array( 'dimensions', 'aspectRatio' ), 'background' => array( 'color', 'gradient' ), 'background-color' => array( 'color', 'background' ), 'background-image' => array( 'background', 'backgroundImage' ), 'background-position' => array( 'background', 'backgroundPosition' ), 'background-repeat' => array( 'background', 'backgroundRepeat' ), 'background-size' => array( 'background', 'backgroundSize' ), 'background-attachment' => array( 'background', 'backgroundAttachment' ), 'border-radius' => array( 'border', 'radius' ), 'border-top-left-radius' => array( 'border', 'radius', 'topLeft' ), 'border-top-right-radius' => array( 'border', 'radius', 'topRight' ), 'border-bottom-left-radius' => array( 'border', 'radius', 'bottomLeft' ), 'border-bottom-right-radius' => array( 'border', 'radius', 'bottomRight' ), 'border-color' => array( 'border', 'color' ), 'border-width' => array( 'border', 'width' ), 'border-style' => array( 'border', 'style' ), 'border-top-color' => array( 'border', 'top', 'color' ), 'border-top-width' => array( 'border', 'top', 'width' ), 'border-top-style' => array( 'border', 'top', 'style' ), 'border-right-color' => array( 'border', 'right', 'color' ), 'border-right-width' => array( 'border', 'right', 'width' ), 'border-right-style' => array( 'border', 'right', 'style' ), 'border-bottom-color' => array( 'border', 'bottom', 'color' ), 'border-bottom-width' => array( 'border', 'bottom', 'width' ), 'border-bottom-style' => array( 'border', 'bottom', 'style' ), 'border-left-color' => array( 'border', 'left', 'color' ), 'border-left-width' => array( 'border', 'left', 'width' ), 'border-left-style' => array( 'border', 'left', 'style' ), 'color' => array( 'color', 'text' ), 'text-align' => array( 'typography', 'textAlign' ), 'column-count' => array( 'typography', 'textColumns' ), 'font-family' => array( 'typography', 'fontFamily' ), 'font-size' => array( 'typography', 'fontSize' ), 'font-style' => array( 'typography', 'fontStyle' ), 'font-weight' => array( 'typography', 'fontWeight' ), 'letter-spacing' => array( 'typography', 'letterSpacing' ), 'line-height' => array( 'typography', 'lineHeight' ), 'margin' => array( 'spacing', 'margin' ), 'margin-top' => array( 'spacing', 'margin', 'top' ), 'margin-right' => array( 'spacing', 'margin', 'right' ), 'margin-bottom' => array( 'spacing', 'margin', 'bottom' ), 'margin-left' => array( 'spacing', 'margin', 'left' ), 'min-height' => array( 'dimensions', 'minHeight' ), 'outline-color' => array( 'outline', 'color' ), 'outline-offset' => array( 'outline', 'offset' ), 'outline-style' => array( 'outline', 'style' ), 'outline-width' => array( 'outline', 'width' ), 'padding' => array( 'spacing', 'padding' ), 'padding-top' => array( 'spacing', 'padding', 'top' ), 'padding-right' => array( 'spacing', 'padding', 'right' ), 'padding-bottom' => array( 'spacing', 'padding', 'bottom' ), 'padding-left' => array( 'spacing', 'padding', 'left' ), '--wp--style--root--padding' => array( 'spacing', 'padding' ), '--wp--style--root--padding-top' => array( 'spacing', 'padding', 'top' ), '--wp--style--root--padding-right' => array( 'spacing', 'padding', 'right' ), '--wp--style--root--padding-bottom' => array( 'spacing', 'padding', 'bottom' ), '--wp--style--root--padding-left' => array( 'spacing', 'padding', 'left' ), 'text-decoration' => array( 'typography', 'textDecoration' ), 'text-transform' => array( 'typography', 'textTransform' ), 'filter' => array( 'filter', 'duotone' ), 'box-shadow' => array( 'shadow' ), 'writing-mode' => array( 'typography', 'writingMode' ), ); /** * Indirect metadata for style properties that are not directly output. * * Each element maps from a CSS property name to an array of * paths to the value in theme.json & block attributes. * * Indirect properties are not output directly by `compute_style_properties`, * but are used elsewhere in the processing of global styles. The indirect * property is used to validate whether a style value is allowed. * * @since 6.2.0 * @since 6.6.0 Added background-image properties. * @var array */ const INDIRECT_PROPERTIES_METADATA = array( 'gap' => array( array( 'spacing', 'blockGap' ), ), 'column-gap' => array( array( 'spacing', 'blockGap', 'left' ), ), 'row-gap' => array( array( 'spacing', 'blockGap', 'top' ), ), 'max-width' => array( array( 'layout', 'contentSize' ), array( 'layout', 'wideSize' ), ), 'background-image' => array( array( 'background', 'backgroundImage', 'url' ), ), ); /** * Protected style properties. * * These style properties are only rendered if a setting enables it * via a value other than `null`. * * Each element maps the style property to the corresponding theme.json * setting key. * * @since 5.9.0 * @var array */ const PROTECTED_PROPERTIES = array( 'spacing.blockGap' => array( 'spacing', 'blockGap' ), ); /** * The top-level keys a theme.json can have. * * @since 5.8.0 As `ALLOWED_TOP_LEVEL_KEYS`. * @since 5.9.0 Renamed from `ALLOWED_TOP_LEVEL_KEYS` to `VALID_TOP_LEVEL_KEYS`, * added the `customTemplates` and `templateParts` values. * @since 6.3.0 Added the `description` value. * @since 6.6.0 Added `blockTypes` to support block style variation theme.json partials. * @var string[] */ const VALID_TOP_LEVEL_KEYS = array( 'blockTypes', 'customTemplates', 'description', 'patterns', 'settings', 'slug', 'styles', 'templateParts', 'title', 'version', ); /** * The valid properties under the settings key. * * @since 5.8.0 As `ALLOWED_SETTINGS`. * @since 5.9.0 Renamed from `ALLOWED_SETTINGS` to `VALID_SETTINGS`, * added new properties for `border`, `color`, `spacing`, * and `typography`, and renamed others according to the new schema. * @since 6.0.0 Added `color.defaultDuotone`. * @since 6.1.0 Added `layout.definitions` and `useRootPaddingAwareAlignments`. * @since 6.2.0 Added `dimensions.minHeight`, 'shadow.presets', 'shadow.defaultPresets', * `position.fixed` and `position.sticky`. * @since 6.3.0 Added support for `typography.textColumns`, removed `layout.definitions`. * @since 6.4.0 Added support for `layout.allowEditing`, `background.backgroundImage`, * `typography.writingMode`, `lightbox.enabled` and `lightbox.allowEditing`. * @since 6.5.0 Added support for `layout.allowCustomContentAndWideSize`, * `background.backgroundSize` and `dimensions.aspectRatio`. * @since 6.6.0 Added support for 'dimensions.aspectRatios', 'dimensions.defaultAspectRatios', * 'typography.defaultFontSizes', and 'spacing.defaultSpacingSizes'. * @since 6.9.0 Added support for `border.radiusSizes`. * @var array */ const VALID_SETTINGS = array( 'appearanceTools' => null, 'useRootPaddingAwareAlignments' => null, 'background' => array( 'backgroundImage' => null, 'backgroundSize' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'radiusSizes' => null, 'style' => null, 'width' => null, ), 'color' => array( 'background' => null, 'custom' => null, 'customDuotone' => null, 'customGradient' => null, 'defaultDuotone' => null, 'defaultGradients' => null, 'defaultPalette' => null, 'duotone' => null, 'gradients' => null, 'link' => null, 'heading' => null, 'button' => null, 'caption' => null, 'palette' => null, 'text' => null, ), 'custom' => null, 'dimensions' => array( 'aspectRatio' => null, 'aspectRatios' => null, 'defaultAspectRatios' => null, 'minHeight' => null, ), 'layout' => array( 'contentSize' => null, 'wideSize' => null, 'allowEditing' => null, 'allowCustomContentAndWideSize' => null, ), 'lightbox' => array( 'enabled' => null, 'allowEditing' => null, ), 'position' => array( 'fixed' => null, 'sticky' => null, ), 'spacing' => array( 'customSpacingSize' => null, 'defaultSpacingSizes' => null, 'spacingSizes' => null, 'spacingScale' => null, 'blockGap' => null, 'margin' => null, 'padding' => null, 'units' => null, ), 'shadow' => array( 'presets' => null, 'defaultPresets' => null, ), 'typography' => array( 'fluid' => null, 'customFontSize' => null, 'defaultFontSizes' => null, 'dropCap' => null, 'fontFamilies' => null, 'fontSizes' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), ); /** * The valid properties for fontFamilies under settings key. * * @since 6.5.0 * @var array */ const FONT_FAMILY_SCHEMA = array( array( 'fontFamily' => null, 'name' => null, 'slug' => null, 'fontFace' => array( array( 'ascentOverride' => null, 'descentOverride' => null, 'fontDisplay' => null, 'fontFamily' => null, 'fontFeatureSettings' => null, 'fontStyle' => null, 'fontStretch' => null, 'fontVariationSettings' => null, 'fontWeight' => null, 'lineGapOverride' => null, 'sizeAdjust' => null, 'src' => null, 'unicodeRange' => null, ), ), ), ); /** * The valid properties under the styles key. * * @since 5.8.0 As `ALLOWED_STYLES`. * @since 5.9.0 Renamed from `ALLOWED_STYLES` to `VALID_STYLES`, * added new properties for `border`, `filter`, `spacing`, * and `typography`. * @since 6.1.0 Added new side properties for `border`, * added new property `shadow`, * updated `blockGap` to be allowed at any level. * @since 6.2.0 Added `outline`, and `minHeight` properties. * @since 6.3.0 Added support for `typography.textColumns`. * @since 6.5.0 Added support for `dimensions.aspectRatio`. * @since 6.6.0 Added `background` sub properties to top-level only. * @var array */ const VALID_STYLES = array( 'background' => array( 'backgroundImage' => null, 'backgroundPosition' => null, 'backgroundRepeat' => null, 'backgroundSize' => null, 'backgroundAttachment' => null, ), 'border' => array( 'color' => null, 'radius' => null, 'style' => null, 'width' => null, 'top' => null, 'right' => null, 'bottom' => null, 'left' => null, ), 'color' => array( 'background' => null, 'gradient' => null, 'text' => null, ), 'dimensions' => array( 'aspectRatio' => null, 'minHeight' => null, ), 'filter' => array( 'duotone' => null, ), 'outline' => array( 'color' => null, 'offset' => null, 'style' => null, 'width' => null, ), 'shadow' => null, 'spacing' => array( 'margin' => null, 'padding' => null, 'blockGap' => null, ), 'typography' => array( 'fontFamily' => null, 'fontSize' => null, 'fontStyle' => null, 'fontWeight' => null, 'letterSpacing' => null, 'lineHeight' => null, 'textAlign' => null, 'textColumns' => null, 'textDecoration' => null, 'textTransform' => null, 'writingMode' => null, ), 'css' => null, ); /** * Defines which pseudo selectors are enabled for which elements. * * The order of the selectors should be: link, any-link, visited, hover, focus, focus-visible, active. * This is to ensure the user action (hover, focus and active) styles have a higher * specificity than the visited styles, which in turn have a higher specificity than * the unvisited styles. * * See https://core.trac.wordpress.org/ticket/56928. * Note: this will affect both top-level and block-level elements. * * @since 6.1.0 * @since 6.2.0 Added support for ':link' and ':any-link'. * @since 6.8.0 Added support for ':focus-visible'. * @since 6.9.0 Added `textInput` and `select` elements. * @var array */ const VALID_ELEMENT_PSEUDO_SELECTORS = array( 'link' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), 'button' => array( ':link', ':any-link', ':visited', ':hover', ':focus', ':focus-visible', ':active' ), ); /** * The valid elements that can be found under styles. * * @since 5.8.0 * @since 6.1.0 Added `heading`, `button`, and `caption` elements. * @var string[] */ const ELEMENTS = array( 'link' => 'a:where(:not(.wp-element-button))', // The `where` is needed to lower the specificity. 'heading' => 'h1, h2, h3, h4, h5, h6', 'h1' => 'h1', 'h2' => 'h2', 'h3' => 'h3', 'h4' => 'h4', 'h5' => 'h5', 'h6' => 'h6', // We have the .wp-block-button__link class so that this will target older buttons that have been serialized. 'button' => '.wp-element-button, .wp-block-button__link', // The block classes are necessary to target older content that won't use the new class names. 'caption' => '.wp-element-caption, .wp-block-audio figcaption, .wp-block-embed figcaption, .wp-block-gallery figcaption, .wp-block-image figcaption, .wp-block-table figcaption, .wp-block-video figcaption', 'cite' => 'cite', 'textInput' => 'textarea, input:where([type=email],[type=number],[type=password],[type=search],[type=text],[type=tel],[type=url])', 'select' => 'select', ); const __EXPERIMENTAL_ELEMENT_CLASS_NAMES = array( 'button' => 'wp-element-button', 'caption' => 'wp-element-caption', ); /** * List of block support features that can have their related styles * generated under their own feature level selector rather than the block's. * * @since 6.1.0 * @var string[] */ const BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS = array( '__experimentalBorder' => 'border', 'color' => 'color', 'spacing' => 'spacing', 'typography' => 'typography', ); /** * Return the input schema at the root and per origin. * * @since 6.5.0 * * @param array $schema The base schema. * @return array The schema at the root and per origin. * * Example: * schema_in_root_and_per_origin( * array( * 'fontFamily' => null, * 'slug' => null, * ) * ) * * Returns: * array( * 'fontFamily' => null, * 'slug' => null, * 'default' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'blocks' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'theme' => array( * 'fontFamily' => null, * 'slug' => null, * ), * 'custom' => array( * 'fontFamily' => null, * 'slug' => null, * ), * ) */ protected static function schema_in_root_and_per_origin( $schema ) { $schema_in_root_and_per_origin = $schema; foreach ( static::VALID_ORIGINS as $origin ) { $schema_in_root_and_per_origin[ $origin ] = $schema; } return $schema_in_root_and_per_origin; } /** * Returns a class name by an element name. * * @since 6.1.0 * * @param string $element The name of the element. * @return string The name of the class. */ public static function get_element_class_name( $element ) { $class_name = ''; if ( isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ] ) ) { $class_name = static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $element ]; } return $class_name; } /** * Options that settings.appearanceTools enables. * * @since 6.0.0 * @since 6.2.0 Added `dimensions.minHeight` and `position.sticky`. * @since 6.4.0 Added `background.backgroundImage`. * @since 6.5.0 Added `background.backgroundSize` and `dimensions.aspectRatio`. * @var array */ const APPEARANCE_TOOLS_OPT_INS = array( array( 'background', 'backgroundImage' ), array( 'background', 'backgroundSize' ), array( 'border', 'color' ), array( 'border', 'radius' ), array( 'border', 'style' ), array( 'border', 'width' ), array( 'color', 'link' ), array( 'color', 'heading' ), array( 'color', 'button' ), array( 'color', 'caption' ), array( 'dimensions', 'aspectRatio' ), array( 'dimensions', 'minHeight' ), array( 'position', 'sticky' ), array( 'spacing', 'blockGap' ), array( 'spacing', 'margin' ), array( 'spacing', 'padding' ), array( 'typography', 'lineHeight' ), ); /** * The latest version of the schema in use. * * @since 5.8.0 * @since 5.9.0 Changed value from 1 to 2. * @since 6.6.0 Changed value from 2 to 3. * @var int */ const LATEST_SCHEMA = 3; /** * Constructor. * * @since 5.8.0 * @since 6.6.0 Key spacingScale by origin, and Pre-generate the spacingSizes from spacingScale. * Added unwrapping of shared block style variations into block type variations if registered. * * @param array $theme_json A structure that follows the theme.json schema. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. */ public function __construct( $theme_json = array( 'version' => self::LATEST_SCHEMA ), $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $this->theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $this->theme_json = static::unwrap_shared_block_style_variations( $this->theme_json, $valid_variations ); $this->theme_json = static::sanitize( $this->theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $this->theme_json = static::maybe_opt_in_into_settings( $this->theme_json ); // Internally, presets are keyed by origin. $nodes = static::get_setting_nodes( $this->theme_json ); foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $subpath ) { $path[] = $subpath; } $preset = _wp_array_get( $this->theme_json, $path, null ); if ( null !== $preset ) { // If the preset is not already keyed by origin. if ( isset( $preset[0] ) || empty( $preset ) ) { _wp_array_set( $this->theme_json, $path, array( $origin => $preset ) ); } } } } // In addition to presets, spacingScale (which generates presets) is also keyed by origin. $scale_path = array( 'settings', 'spacing', 'spacingScale' ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( null !== $spacing_scale ) { // If the spacingScale is not already keyed by origin. if ( empty( array_intersect( array_keys( $spacing_scale ), static::VALID_ORIGINS ) ) ) { _wp_array_set( $this->theme_json, $scale_path, array( $origin => $spacing_scale ) ); } } // Pre-generate the spacingSizes from spacingScale. $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); $spacing_scale = _wp_array_get( $this->theme_json, $scale_path, null ); if ( isset( $spacing_scale ) ) { $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $this->theme_json, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $this->theme_json, $sizes_path, $merged_spacing_sizes ); } } /** * Unwraps shared block style variations. * * It takes the shared variations (styles.variations.variationName) and * applies them to all the blocks that have the given variation registered * (styles.blocks.blockType.variations.variationName). * * For example, given the `core/paragraph` and `core/group` blocks have * registered the `section-a` style variation, and given the following input: * * { * "styles": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * * It returns the following output: * * { * "styles": { * "blocks": { * "core/paragraph": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * }, * }, * "core/group": { * "variations": { * "section-a": { "color": { "background": "backgroundColor" } } * } * } * } * } * } * * @since 6.6.0 * * @param array $theme_json A structure that follows the theme.json schema. * @param array $valid_variations Valid block style variations. * @return array Theme json data with shared variation definitions unwrapped under appropriate block types. */ private static function unwrap_shared_block_style_variations( $theme_json, $valid_variations ) { if ( empty( $theme_json['styles']['variations'] ) || empty( $valid_variations ) ) { return $theme_json; } $new_theme_json = $theme_json; $variations = $new_theme_json['styles']['variations']; foreach ( $valid_variations as $block_type => $registered_variations ) { foreach ( $registered_variations as $variation_name ) { $block_level_data = $new_theme_json['styles']['blocks'][ $block_type ]['variations'][ $variation_name ] ?? array(); $top_level_data = $variations[ $variation_name ] ?? array(); $merged_data = array_replace_recursive( $top_level_data, $block_level_data ); if ( ! empty( $merged_data ) ) { _wp_array_set( $new_theme_json, array( 'styles', 'blocks', $block_type, 'variations', $variation_name ), $merged_data ); } } } unset( $new_theme_json['styles']['variations'] ); return $new_theme_json; } /** * Enables some opt-in settings if theme declared support. * * @since 5.9.0 * * @param array $theme_json A theme.json structure to modify. * @return array The modified theme.json structure. */ protected static function maybe_opt_in_into_settings( $theme_json ) { $new_theme_json = $theme_json; if ( isset( $new_theme_json['settings']['appearanceTools'] ) && true === $new_theme_json['settings']['appearanceTools'] ) { static::do_opt_in_into_settings( $new_theme_json['settings'] ); } if ( isset( $new_theme_json['settings']['blocks'] ) && is_array( $new_theme_json['settings']['blocks'] ) ) { foreach ( $new_theme_json['settings']['blocks'] as &$block ) { if ( isset( $block['appearanceTools'] ) && ( true === $block['appearanceTools'] ) ) { static::do_opt_in_into_settings( $block ); } } } return $new_theme_json; } /** * Enables some settings. * * @since 5.9.0 * * @param array $context The context to which the settings belong. */ protected static function do_opt_in_into_settings( &$context ) { foreach ( static::APPEARANCE_TOOLS_OPT_INS as $path ) { /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ if ( 'unset prop' === _wp_array_get( $context, $path, 'unset prop' ) ) { _wp_array_set( $context, $path, true ); } } unset( $context['appearanceTools'] ); } /** * Sanitizes the input according to the schemas. * * @since 5.8.0 * @since 5.9.0 Added the `$valid_block_names` and `$valid_element_name` parameters. * @since 6.3.0 Added the `$valid_variations` parameter. * @since 6.6.0 Updated schema to allow extended block style variations. * * @param array $input Structure to sanitize. * @param array $valid_block_names List of valid block names. * @param array $valid_element_names List of valid element names. * @param array $valid_variations List of valid variations per block. * @return array The sanitized output. */ protected static function sanitize( $input, $valid_block_names, $valid_element_names, $valid_variations ) { $output = array(); if ( ! is_array( $input ) ) { return $output; } // Preserve only the top most level keys. $output = array_intersect_key( $input, array_flip( static::VALID_TOP_LEVEL_KEYS ) ); /* * Remove any rules that are annotated as "top" in VALID_STYLES constant. * Some styles are only meant to be available at the top-level (e.g.: blockGap), * hence, the schema for blocks & elements should not have them. */ $styles_non_top_level = static::VALID_STYLES; foreach ( array_keys( $styles_non_top_level ) as $section ) { // array_key_exists() needs to be used instead of isset() because the value can be null. if ( array_key_exists( $section, $styles_non_top_level ) && is_array( $styles_non_top_level[ $section ] ) ) { foreach ( array_keys( $styles_non_top_level[ $section ] ) as $prop ) { if ( 'top' === $styles_non_top_level[ $section ][ $prop ] ) { unset( $styles_non_top_level[ $section ][ $prop ] ); } } } } // Build the schema based on valid block & element names. $schema = array(); $schema_styles_elements = array(); /* * Set allowed element pseudo selectors based on per element allow list. * Target data structure in schema: * e.g. * - top level elements: `$schema['styles']['elements']['link'][':hover']`. * - block level elements: `$schema['styles']['blocks']['core/button']['elements']['link'][':hover']`. */ foreach ( $valid_element_names as $element ) { $schema_styles_elements[ $element ] = $styles_non_top_level; if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { $schema_styles_elements[ $element ][ $pseudo_selector ] = $styles_non_top_level; } } } $schema_styles_blocks = array(); $schema_settings_blocks = array(); /* * Generate a schema for blocks. * - Block styles can contain `elements` & `variations` definitions. * - Variations definitions cannot be nested. * - Variations can contain styles for inner `blocks`. * - Variation inner `blocks` styles can contain `elements`. * * As each variation needs a `blocks` schema but further nested * inner `blocks`, the overall schema will be generated in multiple passes. */ foreach ( $valid_block_names as $block ) { $schema_settings_blocks[ $block ] = static::VALID_SETTINGS; $schema_styles_blocks[ $block ] = $styles_non_top_level; $schema_styles_blocks[ $block ]['elements'] = $schema_styles_elements; } $block_style_variation_styles = static::VALID_STYLES; $block_style_variation_styles['blocks'] = $schema_styles_blocks; $block_style_variation_styles['elements'] = $schema_styles_elements; foreach ( $valid_block_names as $block ) { // Build the schema for each block style variation. $style_variation_names = array(); if ( ! empty( $input['styles']['blocks'][ $block ]['variations'] ) && is_array( $input['styles']['blocks'][ $block ]['variations'] ) && isset( $valid_variations[ $block ] ) ) { $style_variation_names = array_intersect( array_keys( $input['styles']['blocks'][ $block ]['variations'] ), $valid_variations[ $block ] ); } $schema_styles_variations = array(); if ( ! empty( $style_variation_names ) ) { $schema_styles_variations = array_fill_keys( $style_variation_names, $block_style_variation_styles ); } $schema_styles_blocks[ $block ]['variations'] = $schema_styles_variations; } $schema['styles'] = static::VALID_STYLES; $schema['styles']['blocks'] = $schema_styles_blocks; $schema['styles']['elements'] = $schema_styles_elements; $schema['settings'] = static::VALID_SETTINGS; $schema['settings']['blocks'] = $schema_settings_blocks; $schema['settings']['typography']['fontFamilies'] = static::schema_in_root_and_per_origin( static::FONT_FAMILY_SCHEMA ); // Remove anything that's not present in the schema. foreach ( array( 'styles', 'settings' ) as $subtree ) { if ( ! isset( $input[ $subtree ] ) ) { continue; } if ( ! is_array( $input[ $subtree ] ) ) { unset( $output[ $subtree ] ); continue; } $result = static::remove_keys_not_in_schema( $input[ $subtree ], $schema[ $subtree ] ); if ( empty( $result ) ) { unset( $output[ $subtree ] ); } else { $output[ $subtree ] = static::resolve_custom_css_format( $result ); } } return $output; } /** * Appends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_append selector ".some-class" the result will be * "h1.some-class, h2.some-class, h3.some-class". * * @since 5.8.0 * @since 6.1.0 Added append position. * @since 6.3.0 Removed append position parameter. * * @param string $selector Original selector. * @param string $to_append Selector to append. * @return string The new selector. */ protected static function append_to_selector( $selector, $to_append ) { if ( ! str_contains( $selector, ',' ) ) { return $selector . $to_append; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $sel . $to_append; } return implode( ',', $new_selectors ); } /** * Prepends a sub-selector to an existing one. * * Given the compounded $selector "h1, h2, h3" * and the $to_prepend selector ".some-class " the result will be * ".some-class h1, .some-class h2, .some-class h3". * * @since 6.3.0 * * @param string $selector Original selector. * @param string $to_prepend Selector to prepend. * @return string The new selector. */ protected static function prepend_to_selector( $selector, $to_prepend ) { if ( ! str_contains( $selector, ',' ) ) { return $to_prepend . $selector; } $new_selectors = array(); $selectors = explode( ',', $selector ); foreach ( $selectors as $sel ) { $new_selectors[] = $to_prepend . $sel; } return implode( ',', $new_selectors ); } /** * Returns the metadata for each block. * * Example: * * { * 'core/paragraph': { * 'selector': 'p', * 'elements': { * 'link' => 'link selector', * 'etc' => 'element selector' * } * }, * 'core/heading': { * 'selector': 'h1', * 'elements': {} * }, * 'core/image': { * 'selector': '.wp-block-image', * 'duotone': 'img', * 'elements': {} * } * } * * @since 5.8.0 * @since 5.9.0 Added `duotone` key with CSS selector. * @since 6.1.0 Added `features` key with block support feature level selectors. * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Updated to include block style variations from the block styles registry. * * @return array Block metadata. */ protected static function get_blocks_metadata() { $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); $style_registry = WP_Block_Styles_Registry::get_instance(); // Is there metadata for all currently registered blocks? $blocks = array_diff_key( $blocks, static::$blocks_metadata ); if ( empty( $blocks ) ) { /* * New block styles may have been registered within WP_Block_Styles_Registry. * Update block metadata for any new block style variations. */ $registered_styles = $style_registry->get_all_registered(); foreach ( static::$blocks_metadata as $block_name => $block_metadata ) { if ( ! empty( $registered_styles[ $block_name ] ) ) { $style_selectors = $block_metadata['styleVariations'] ?? array(); foreach ( $registered_styles[ $block_name ] as $block_style ) { if ( ! isset( $style_selectors[ $block_style['name'] ] ) ) { $style_selectors[ $block_style['name'] ] = static::get_block_style_variation_selector( $block_style['name'], $block_metadata['selector'] ); } } static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } foreach ( $blocks as $block_name => $block_type ) { $root_selector = wp_get_block_css_selector( $block_type ); static::$blocks_metadata[ $block_name ]['selector'] = $root_selector; static::$blocks_metadata[ $block_name ]['selectors'] = static::get_block_selectors( $block_type, $root_selector ); $elements = static::get_block_element_selectors( $root_selector ); if ( ! empty( $elements ) ) { static::$blocks_metadata[ $block_name ]['elements'] = $elements; } // The block may or may not have a duotone selector. $duotone_selector = wp_get_block_css_selector( $block_type, 'filter.duotone' ); // Keep backwards compatibility for support.color.__experimentalDuotone. if ( null === $duotone_selector ) { $duotone_support = isset( $block_type->supports['color']['__experimentalDuotone'] ) ? $block_type->supports['color']['__experimentalDuotone'] : null; if ( $duotone_support ) { $root_selector = wp_get_block_css_selector( $block_type ); $duotone_selector = static::scope_selector( $root_selector, $duotone_support ); } } if ( null !== $duotone_selector ) { static::$blocks_metadata[ $block_name ]['duotone'] = $duotone_selector; } // If the block has style variations, append their selectors to the block metadata. $style_selectors = array(); if ( ! empty( $block_type->styles ) ) { foreach ( $block_type->styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } } // Block style variations can be registered through the WP_Block_Styles_Registry as well as block.json. $registered_styles = $style_registry->get_registered_styles_for_block( $block_name ); foreach ( $registered_styles as $style ) { $style_selectors[ $style['name'] ] = static::get_block_style_variation_selector( $style['name'], static::$blocks_metadata[ $block_name ]['selector'] ); } if ( ! empty( $style_selectors ) ) { static::$blocks_metadata[ $block_name ]['styleVariations'] = $style_selectors; } } return static::$blocks_metadata; } /** * Given a tree, removes the keys that are not present in the schema. * * It is recursive and modifies the input in-place. * * @since 5.8.0 * * @param array $tree Input to process. * @param array $schema Schema to adhere to. * @return array The modified $tree. */ protected static function remove_keys_not_in_schema( $tree, $schema ) { if ( ! is_array( $tree ) ) { return $tree; } foreach ( $tree as $key => $value ) { // Remove keys not in the schema or with null/empty values. if ( ! array_key_exists( $key, $schema ) ) { unset( $tree[ $key ] ); continue; } if ( is_array( $schema[ $key ] ) ) { if ( ! is_array( $value ) ) { unset( $tree[ $key ] ); } elseif ( wp_is_numeric_array( $value ) ) { // If indexed, process each item in the array. foreach ( $value as $item_key => $item_value ) { if ( isset( $schema[ $key ][0] ) && is_array( $schema[ $key ][0] ) ) { $tree[ $key ][ $item_key ] = self::remove_keys_not_in_schema( $item_value, $schema[ $key ][0] ); } else { // If the schema does not define a further structure, keep the value as is. $tree[ $key ][ $item_key ] = $item_value; } } } else { // If associative, process as a single object. $tree[ $key ] = self::remove_keys_not_in_schema( $value, $schema[ $key ] ); if ( empty( $tree[ $key ] ) ) { unset( $tree[ $key ] ); } } } } return $tree; } /** * Returns the existing settings for each block. * * Example: * * { * 'root': { * 'color': { * 'custom': true * } * }, * 'core/paragraph': { * 'spacing': { * 'customPadding': true * } * } * } * * @since 5.8.0 * * @return array Settings per block. */ public function get_settings() { if ( ! isset( $this->theme_json['settings'] ) ) { return array(); } else { return $this->theme_json['settings']; } } /** * Returns the stylesheet that results of processing * the theme.json structure this object represents. * * @since 5.8.0 * @since 5.9.0 Removed the `$type` parameter, added the `$types` and `$origins` parameters. * @since 6.3.0 Add fallback layout styles for Post Template when block gap support isn't available. * @since 6.6.0 Added boolean `skip_root_layout_styles` and `include_block_style_variations` options * to control styles output as desired. * * @param string[] $types Types of styles to load. Will load all by default. It accepts: * - `variables`: only the CSS Custom Properties for presets & custom ones. * - `styles`: only the styles section in theme.json. * - `presets`: only the classes for the presets. * - `base-layout-styles`: only the base layout styles. * - `custom-css`: only the custom CSS. * @param string[] $origins A list of origins to include. By default it includes VALID_ORIGINS. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type string $scope Makes sure all style are scoped to a given selector * @type string $root_selector Overwrites and forces a given selector to be used on the root node * @type bool $skip_root_layout_styles Omits root layout styles from the generated stylesheet. Default false. * @type bool $include_block_style_variations Includes styles for block style variations in the generated stylesheet. Default false. * } * @return string The resulting stylesheet. */ public function get_stylesheet( $types = array( 'variables', 'styles', 'presets' ), $origins = null, $options = array() ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } if ( is_string( $types ) ) { // Dispatch error and map old arguments to new ones. _deprecated_argument( __FUNCTION__, '5.9.0' ); if ( 'block_styles' === $types ) { $types = array( 'styles', 'presets' ); } elseif ( 'css_variables' === $types ) { $types = array( 'variables' ); } else { $types = array( 'variables', 'styles', 'presets' ); } } $blocks_metadata = static::get_blocks_metadata(); $style_nodes = static::get_style_nodes( $this->theme_json, $blocks_metadata, $options ); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $root_style_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $style_nodes, 'selector' ), true ); $root_settings_key = array_search( static::ROOT_BLOCK_SELECTOR, array_column( $setting_nodes, 'selector' ), true ); if ( ! empty( $options['scope'] ) ) { foreach ( $setting_nodes as &$node ) { $node['selector'] = static::scope_selector( $options['scope'], $node['selector'] ); } foreach ( $style_nodes as &$node ) { $node = static::scope_style_node_selectors( $options['scope'], $node ); } unset( $node ); } if ( ! empty( $options['root_selector'] ) ) { if ( false !== $root_settings_key ) { $setting_nodes[ $root_settings_key ]['selector'] = $options['root_selector']; } if ( false !== $root_style_key ) { $style_nodes[ $root_style_key ]['selector'] = $options['root_selector']; } } $stylesheet = ''; if ( in_array( 'variables', $types, true ) ) { $stylesheet .= $this->get_css_variables( $setting_nodes, $origins ); } if ( in_array( 'styles', $types, true ) ) { if ( false !== $root_style_key && empty( $options['skip_root_layout_styles'] ) ) { $stylesheet .= $this->get_root_layout_rules( $style_nodes[ $root_style_key ]['selector'], $style_nodes[ $root_style_key ] ); } $stylesheet .= $this->get_block_classes( $style_nodes ); } elseif ( in_array( 'base-layout-styles', $types, true ) ) { $root_selector = static::ROOT_BLOCK_SELECTOR; $columns_selector = '.wp-block-columns'; $post_template_selector = '.wp-block-post-template'; if ( ! empty( $options['scope'] ) ) { $root_selector = static::scope_selector( $options['scope'], $root_selector ); $columns_selector = static::scope_selector( $options['scope'], $columns_selector ); $post_template_selector = static::scope_selector( $options['scope'], $post_template_selector ); } if ( ! empty( $options['root_selector'] ) ) { $root_selector = $options['root_selector']; } /* * Base layout styles are provided as part of `styles`, so only output separately if explicitly requested. * For backwards compatibility, the Columns block is explicitly included, to support a different default gap value. */ $base_styles_nodes = array( array( 'path' => array( 'styles' ), 'selector' => $root_selector, ), array( 'path' => array( 'styles', 'blocks', 'core/columns' ), 'selector' => $columns_selector, 'name' => 'core/columns', ), array( 'path' => array( 'styles', 'blocks', 'core/post-template' ), 'selector' => $post_template_selector, 'name' => 'core/post-template', ), ); foreach ( $base_styles_nodes as $base_style_node ) { $stylesheet .= $this->get_layout_styles( $base_style_node, $types ); } } if ( in_array( 'presets', $types, true ) ) { $stylesheet .= $this->get_preset_classes( $setting_nodes, $origins ); } // Load the custom CSS last so it has the highest specificity. if ( in_array( 'custom-css', $types, true ) ) { // Add the global styles root CSS. $stylesheet .= _wp_array_get( $this->theme_json, array( 'styles', 'css' ) ); } return $stylesheet; } /** * Processes the CSS, to apply nesting. * * @since 6.2.0 * @since 6.6.0 Enforced 0-1-0 specificity for block custom CSS selectors. * * @param string $css The CSS to process. * @param string $selector The selector to nest. * @return string The processed CSS. */ protected function process_blocks_custom_css( $css, $selector ) { $processed_css = ''; if ( empty( $css ) ) { return $processed_css; } // Split CSS nested rules. $parts = explode( '&', $css ); foreach ( $parts as $part ) { if ( empty( $part ) ) { continue; } $is_root_css = ( ! str_contains( $part, '{' ) ); if ( $is_root_css ) { // If the part doesn't contain braces, it applies to the root level. $processed_css .= ':root :where(' . trim( $selector ) . '){' . trim( $part ) . '}'; } else { // If the part contains braces, it's a nested CSS rule. $part = explode( '{', str_replace( '}', '', $part ) ); if ( count( $part ) !== 2 ) { continue; } $nested_selector = $part[0]; $css_value = $part[1]; /* * Handle pseudo elements such as ::before, ::after etc. Regex will also * capture any leading combinator such as >, +, or ~, as well as spaces. * This allows pseudo elements as descendants e.g. `.parent ::before`. */ $matches = array(); $has_pseudo_element = preg_match( '/([>+~\s]*::[a-zA-Z-]+)/', $nested_selector, $matches ); $pseudo_part = $has_pseudo_element ? $matches[1] : ''; $nested_selector = $has_pseudo_element ? str_replace( $pseudo_part, '', $nested_selector ) : $nested_selector; // Finalize selector and re-append pseudo element if required. $part_selector = str_starts_with( $nested_selector, ' ' ) ? static::scope_selector( $selector, $nested_selector ) : static::append_to_selector( $selector, $nested_selector ); $final_selector = ":root :where($part_selector)$pseudo_part"; $processed_css .= $final_selector . '{' . trim( $css_value ) . '}'; } } return $processed_css; } /** * Returns the global styles custom CSS. * * @since 6.2.0 * @deprecated 6.7.0 Use {@see 'get_stylesheet'} instead. * * @return string The global styles custom CSS. */ public function get_custom_css() { _deprecated_function( __METHOD__, '6.7.0', 'get_stylesheet' ); // Add the global styles root CSS. $stylesheet = isset( $this->theme_json['styles']['css'] ) ? $this->theme_json['styles']['css'] : ''; // Add the global styles block CSS. if ( isset( $this->theme_json['styles']['blocks'] ) ) { foreach ( $this->theme_json['styles']['blocks'] as $name => $node ) { $custom_block_css = isset( $this->theme_json['styles']['blocks'][ $name ]['css'] ) ? $this->theme_json['styles']['blocks'][ $name ]['css'] : null; if ( $custom_block_css ) { $selector = static::$blocks_metadata[ $name ]['selector']; $stylesheet .= $this->process_blocks_custom_css( $custom_block_css, $selector ); } } } return $stylesheet; } /** * Returns the page templates of the active theme. * * @since 5.9.0 * * @return array */ public function get_custom_templates() { $custom_templates = array(); if ( ! isset( $this->theme_json['customTemplates'] ) || ! is_array( $this->theme_json['customTemplates'] ) ) { return $custom_templates; } foreach ( $this->theme_json['customTemplates'] as $item ) { if ( isset( $item['name'] ) ) { $custom_templates[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'postTypes' => isset( $item['postTypes'] ) ? $item['postTypes'] : array( 'page' ), ); } } return $custom_templates; } /** * Returns the template part data of active theme. * * @since 5.9.0 * * @return array */ public function get_template_parts() { $template_parts = array(); if ( ! isset( $this->theme_json['templateParts'] ) || ! is_array( $this->theme_json['templateParts'] ) ) { return $template_parts; } foreach ( $this->theme_json['templateParts'] as $item ) { if ( isset( $item['name'] ) ) { $template_parts[ $item['name'] ] = array( 'title' => isset( $item['title'] ) ? $item['title'] : '', 'area' => isset( $item['area'] ) ? $item['area'] : '', ); } } return $template_parts; } /** * Converts each style section into a list of rulesets * containing the block styles to be appended to the stylesheet. * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * style-property-one: value; * } * * @since 5.8.0 As `get_block_styles()`. * @since 5.9.0 Renamed from `get_block_styles()` to `get_block_classes()` * and no longer returns preset classes. * Removed the `$setting_nodes` parameter. * @since 6.1.0 Moved most internal logic to `get_styles_for_block()`. * * @param array $style_nodes Nodes with styles. * @return string The new stylesheet. */ protected function get_block_classes( $style_nodes ) { $block_rules = ''; foreach ( $style_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $block_rules .= static::get_styles_for_block( $metadata ); } return $block_rules; } /** * Gets the CSS layout rules for a particular block from theme.json layout definitions. * * @since 6.1.0 * @since 6.3.0 Reduced specificity for layout margin rules. * @since 6.5.1 Only output rules referencing content and wide sizes when values exist. * @since 6.5.3 Add types parameter to check if only base layout styles are needed. * @since 6.6.0 Updated layout style specificity to be compatible with overall 0-1-0 specificity in global styles. * * @param array $block_metadata Metadata about the block to get styles for. * @param array $types Optional. Types of styles to output. If empty, all styles will be output. * @return string Layout styles for the block. */ protected function get_layout_styles( $block_metadata, $types = array() ) { $block_rules = ''; $block_type = null; // Skip outputting layout styles if explicitly disabled. if ( current_theme_supports( 'disable-layout-styles' ) ) { return $block_rules; } if ( isset( $block_metadata['name'] ) ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block_metadata['name'] ); if ( ! block_has_support( $block_type, 'layout', false ) && ! block_has_support( $block_type, '__experimentalLayout', false ) ) { return $block_rules; } } $selector = isset( $block_metadata['selector'] ) ? $block_metadata['selector'] : ''; $has_block_gap_support = isset( $this->theme_json['settings']['spacing']['blockGap'] ); $has_fallback_gap_support = ! $has_block_gap_support; // This setting isn't useful yet: it exists as a placeholder for a future explicit fallback gap styles support. $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $layout_definitions = wp_get_layout_definitions(); $layout_selector_pattern = '/^[a-zA-Z0-9\-\.\,\ *+>:\(\)]*$/'; // Allow alphanumeric classnames, spaces, wildcard, sibling, child combinator and pseudo class selectors. /* * Gap styles will only be output if the theme has block gap support, or supports a fallback gap. * Default layout gap styles will be skipped for themes that do not explicitly opt-in to blockGap with a `true` or `false` value. */ if ( $has_block_gap_support || $has_fallback_gap_support ) { $block_gap_value = null; // Use a fallback gap value if block gap support is not available. if ( ! $has_block_gap_support ) { $block_gap_value = static::ROOT_BLOCK_SELECTOR === $selector ? '0.5em' : null; if ( ! empty( $block_type ) ) { $block_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : null; } } else { $block_gap_value = static::get_property_value( $node, array( 'spacing', 'blockGap' ) ); } // Support split row / column values and concatenate to a shorthand value. if ( is_array( $block_gap_value ) ) { if ( isset( $block_gap_value['top'] ) && isset( $block_gap_value['left'] ) ) { $gap_row = static::get_property_value( $node, array( 'spacing', 'blockGap', 'top' ) ); $gap_column = static::get_property_value( $node, array( 'spacing', 'blockGap', 'left' ) ); $block_gap_value = $gap_row === $gap_column ? $gap_row : $gap_row . ' ' . $gap_column; } else { // Skip outputting gap value if not all sides are provided. $block_gap_value = null; } } // If the block should have custom gap, add the gap styles. if ( null !== $block_gap_value && false !== $block_gap_value && '' !== $block_gap_value ) { foreach ( $layout_definitions as $layout_definition_key => $layout_definition ) { // Allow outputting fallback gap styles for flex and grid layout types when block gap support isn't available. if ( ! $has_block_gap_support && 'flex' !== $layout_definition_key && 'grid' !== $layout_definition_key ) { continue; } $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $spacing_rules = isset( $layout_definition['spacingStyles'] ) ? $layout_definition['spacingStyles'] : array(); if ( ! empty( $class_name ) && ! empty( $spacing_rules ) ) { foreach ( $spacing_rules as $spacing_rule ) { $declarations = array(); if ( isset( $spacing_rule['selector'] ) && preg_match( $layout_selector_pattern, $spacing_rule['selector'] ) && ! empty( $spacing_rule['rules'] ) ) { // Iterate over each of the styling rules and substitute non-string values such as `null` with the real `blockGap` value. foreach ( $spacing_rule['rules'] as $css_property => $css_value ) { $current_css_value = is_string( $css_value ) ? $css_value : $block_gap_value; if ( static::is_safe_css_declaration( $css_property, $current_css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $current_css_value, ); } } if ( ! $has_block_gap_support ) { // For fallback gap styles, use lower specificity, to ensure styles do not unintentionally override theme styles. $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':where(.%2$s%3$s)' : ':where(%1$s.%2$s%3$s)'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } else { $format = static::ROOT_BLOCK_SELECTOR === $selector ? ':root :where(.%2$s)%3$s' : ':root :where(%1$s-%2$s)%3$s'; $layout_selector = sprintf( $format, $selector, $class_name, $spacing_rule['selector'] ); } $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } } // Output base styles. if ( static::ROOT_BLOCK_SELECTOR === $selector ) { $valid_display_modes = array( 'block', 'flex', 'grid' ); foreach ( $layout_definitions as $layout_definition ) { $class_name = isset( $layout_definition['className'] ) ? $layout_definition['className'] : false; $base_style_rules = isset( $layout_definition['baseStyles'] ) ? $layout_definition['baseStyles'] : array(); if ( ! empty( $class_name ) && is_array( $base_style_rules ) ) { // Output display mode. This requires special handling as `display` is not exposed in `safe_style_css_filter`. if ( ! empty( $layout_definition['displayMode'] ) && is_string( $layout_definition['displayMode'] ) && in_array( $layout_definition['displayMode'], $valid_display_modes, true ) ) { $layout_selector = sprintf( '%s .%s', $selector, $class_name ); $block_rules .= static::to_ruleset( $layout_selector, array( array( 'name' => 'display', 'value' => $layout_definition['displayMode'], ), ) ); } foreach ( $base_style_rules as $base_style_rule ) { $declarations = array(); // Skip outputting base styles for flow and constrained layout types if theme doesn't support theme.json. The 'base-layout-styles' type flags this. if ( in_array( 'base-layout-styles', $types, true ) && ( 'default' === $layout_definition['name'] || 'constrained' === $layout_definition['name'] ) ) { continue; } if ( isset( $base_style_rule['selector'] ) && preg_match( $layout_selector_pattern, $base_style_rule['selector'] ) && ! empty( $base_style_rule['rules'] ) ) { foreach ( $base_style_rule['rules'] as $css_property => $css_value ) { // Skip rules that reference content size or wide size if they are not defined in the theme.json. if ( is_string( $css_value ) && ( str_contains( $css_value, '--global--content-size' ) || str_contains( $css_value, '--global--wide-size' ) ) && ! isset( $this->theme_json['settings']['layout']['contentSize'] ) && ! isset( $this->theme_json['settings']['layout']['wideSize'] ) ) { continue; } if ( static::is_safe_css_declaration( $css_property, $css_value ) ) { $declarations[] = array( 'name' => $css_property, 'value' => $css_value, ); } } $layout_selector = sprintf( '.%s%s', $class_name, $base_style_rule['selector'] ); $block_rules .= static::to_ruleset( $layout_selector, $declarations ); } } } } } return $block_rules; } /** * Creates new rulesets as classes for each preset value such as: * * .has-value-color { * color: value; * } * * .has-value-background-color { * background-color: value; * } * * .has-value-font-size { * font-size: value; * } * * .has-value-gradient-background { * background: value; * } * * p.has-value-gradient-background { * background: value; * } * * @since 5.9.0 * * @param array $setting_nodes Nodes with settings. * @param string[] $origins List of origins to process presets from. * @return string The new stylesheet. */ protected function get_preset_classes( $setting_nodes, $origins ) { $preset_rules = ''; foreach ( $setting_nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $preset_rules .= static::compute_preset_classes( $node, $selector, $origins ); } return $preset_rules; } /** * Converts each styles section into a list of rulesets * to be appended to the stylesheet. * These rulesets contain all the css variables (custom variables and preset variables). * * See glossary at https://developer.mozilla.org/en-US/docs/Web/CSS/Syntax * * For each section this creates a new ruleset such as: * * block-selector { * --wp--preset--category--slug: value; * --wp--custom--variable: value; * } * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $nodes Nodes with settings. * @param string[] $origins List of origins to process. * @return string The new stylesheet. */ protected function get_css_variables( $nodes, $origins ) { $stylesheet = ''; foreach ( $nodes as $metadata ) { if ( null === $metadata['selector'] ) { continue; } $selector = $metadata['selector']; $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); $declarations = static::compute_preset_vars( $node, $origins ); $theme_vars_declarations = static::compute_theme_vars( $node ); foreach ( $theme_vars_declarations as $theme_vars_declaration ) { $declarations[] = $theme_vars_declaration; } $stylesheet .= static::to_ruleset( $selector, $declarations ); } return $stylesheet; } /** * Given a selector and a declaration list, * creates the corresponding ruleset. * * @since 5.8.0 * * @param string $selector CSS selector. * @param array $declarations List of declarations. * @return string The resulting CSS ruleset. */ protected static function to_ruleset( $selector, $declarations ) { if ( empty( $declarations ) ) { return ''; } $declaration_block = array_reduce( $declarations, static function ( $carry, $element ) { return $carry .= $element['name'] . ': ' . $element['value'] . ';'; }, '' ); return $selector . '{' . $declaration_block . '}'; } /** * Given a settings array, returns the generated rulesets * for the preset classes. * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * @since 6.6.0 Added check for root CSS properties selector. * * @param array $settings Settings to process. * @param string $selector Selector wrapping the classes. * @param string[] $origins List of origins to process. * @return string The result of processing the presets. */ protected static function compute_preset_classes( $settings, $selector, $origins ) { if ( static::ROOT_BLOCK_SELECTOR === $selector || static::ROOT_CSS_PROPERTIES_SELECTOR === $selector ) { /* * Classes at the global level do not need any CSS prefixed, * and we don't want to increase its specificity. */ $selector = ''; } $stylesheet = ''; foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['classes'] ) ) { continue; } $slugs = static::get_settings_slugs( $settings, $preset_metadata, $origins ); foreach ( $preset_metadata['classes'] as $class => $property ) { foreach ( $slugs as $slug ) { $css_var = static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ); $class_name = static::replace_slug_in_string( $class, $slug ); // $selector is often empty, so we can save ourselves the `append_to_selector()` call then. $new_selector = '' === $selector ? $class_name : static::append_to_selector( $selector, $class_name ); $stylesheet .= static::to_ruleset( $new_selector, array( array( 'name' => $property, 'value' => 'var(' . $css_var . ') !important', ), ) ); } } } return $stylesheet; } /** * Function that scopes a selector with another one. This works a bit like * SCSS nesting except the `&` operator isn't supported. * * <code> * $scope = '.a, .b .c'; * $selector = '> .x, .y'; * $merged = scope_selector( $scope, $selector ); * // $merged is '.a > .x, .a .y, .b .c > .x, .b .c .y' * </code> * * @since 5.9.0 * @since 6.6.0 Added early return if missing scope or selector. * * @param string $scope Selector to scope to. * @param string $selector Original selector. * @return string Scoped selector. */ public static function scope_selector( $scope, $selector ) { if ( ! $scope || ! $selector ) { return $selector; } $scopes = explode( ',', $scope ); $selectors = explode( ',', $selector ); $selectors_scoped = array(); foreach ( $scopes as $outer ) { foreach ( $selectors as $inner ) { $outer = trim( $outer ); $inner = trim( $inner ); if ( ! empty( $outer ) && ! empty( $inner ) ) { $selectors_scoped[] = $outer . ' ' . $inner; } elseif ( empty( $outer ) ) { $selectors_scoped[] = $inner; } elseif ( empty( $inner ) ) { $selectors_scoped[] = $outer; } } } $result = implode( ', ', $selectors_scoped ); return $result; } /** * Scopes the selectors for a given style node. * * This includes the primary selector, i.e. `$node['selector']`, as well as any custom * selectors for features and subfeatures, e.g. `$node['selectors']['border']` etc. * * @since 6.6.0 * * @param string $scope Selector to scope to. * @param array $node Style node with selectors to scope. * @return array Node with updated selectors. */ protected static function scope_style_node_selectors( $scope, $node ) { $node['selector'] = static::scope_selector( $scope, $node['selector'] ); if ( empty( $node['selectors'] ) ) { return $node; } foreach ( $node['selectors'] as $feature => $selector ) { if ( is_string( $selector ) ) { $node['selectors'][ $feature ] = static::scope_selector( $scope, $selector ); } if ( is_array( $selector ) ) { foreach ( $selector as $subfeature => $subfeature_selector ) { $node['selectors'][ $feature ][ $subfeature ] = static::scope_selector( $scope, $subfeature_selector ); } } } return $node; } /** * Gets preset values keyed by slugs based on settings and metadata. * * <code> * $settings = array( * 'typography' => array( * 'fontFamilies' => array( * array( * 'slug' => 'sansSerif', * 'fontFamily' => '"Helvetica Neue", sans-serif', * ), * array( * 'slug' => 'serif', * 'colors' => 'Georgia, serif', * ) * ), * ), * ); * $meta = array( * 'path' => array( 'typography', 'fontFamilies' ), * 'value_key' => 'fontFamily', * ); * $values_by_slug = get_settings_values_by_slug(); * // $values_by_slug === array( * // 'sans-serif' => '"Helvetica Neue", sans-serif', * // 'serif' => 'Georgia, serif', * // ); * </code> * * @since 5.9.0 * @since 6.6.0 Passing $settings to the callbacks defined in static::PRESETS_METADATA. * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where each key is a slug and each value is the preset value. */ protected static function get_settings_values_by_slug( $settings, $preset_metadata, $origins ) { $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); $value = ''; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value_key = $preset_metadata['value_key']; $value = $preset[ $value_key ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value_func = $preset_metadata['value_func']; $value = call_user_func( $value_func, $preset, $settings ); } else { // If we don't have a value, then don't add it to the result. continue; } $result[ $slug ] = $value; } } return $result; } /** * Similar to get_settings_values_by_slug, but doesn't compute the value. * * @since 5.9.0 * * @param array $settings Settings to process. * @param array $preset_metadata One of the PRESETS_METADATA values. * @param string[] $origins List of origins to process. * @return array Array of presets where the key and value are both the slug. */ protected static function get_settings_slugs( $settings, $preset_metadata, $origins = null ) { if ( null === $origins ) { $origins = static::VALID_ORIGINS; } $preset_per_origin = _wp_array_get( $settings, $preset_metadata['path'], array() ); $result = array(); foreach ( $origins as $origin ) { if ( ! isset( $preset_per_origin[ $origin ] ) ) { continue; } foreach ( $preset_per_origin[ $origin ] as $preset ) { $slug = _wp_to_kebab_case( $preset['slug'] ); // Use the array as a set so we don't get duplicates. $result[ $slug ] = $slug; } } return $result; } /** * Transforms a slug into a CSS Custom Property. * * @since 5.9.0 * * @param string $input String to replace. * @param string $slug The slug value to use to generate the custom property. * @return string The CSS Custom Property. Something along the lines of `--wp--preset--color--black`. */ protected static function replace_slug_in_string( $input, $slug ) { return strtr( $input, array( '$slug' => $slug ) ); } /** * Given the block settings, extracts the CSS Custom Properties * for the presets and adds them to the $declarations array * following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * @since 5.9.0 Added the `$origins` parameter. * * @param array $settings Settings to process. * @param string[] $origins List of origins to process. * @return array The modified $declarations. */ protected static function compute_preset_vars( $settings, $origins ) { $declarations = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { if ( empty( $preset_metadata['css_vars'] ) ) { continue; } $values_by_slug = static::get_settings_values_by_slug( $settings, $preset_metadata, $origins ); foreach ( $values_by_slug as $slug => $value ) { $declarations[] = array( 'name' => static::replace_slug_in_string( $preset_metadata['css_vars'], $slug ), 'value' => $value, ); } } return $declarations; } /** * Given an array of settings, extracts the CSS Custom Properties * for the custom values and adds them to the $declarations * array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value, * ) * * @since 5.8.0 * * @param array $settings Settings to process. * @return array The modified $declarations. */ protected static function compute_theme_vars( $settings ) { $declarations = array(); $custom_values = isset( $settings['custom'] ) ? $settings['custom'] : array(); $css_vars = static::flatten_tree( $custom_values ); foreach ( $css_vars as $key => $value ) { $declarations[] = array( 'name' => '--wp--custom--' . $key, 'value' => $value, ); } return $declarations; } /** * Given a tree, it creates a flattened one * by merging the keys and binding the leaf values * to the new keys. * * It also transforms camelCase names into kebab-case * and substitutes '/' by '-'. * * This is thought to be useful to generate * CSS Custom Properties from a tree, * although there's nothing in the implementation * of this function that requires that format. * * For example, assuming the given prefix is '--wp' * and the token is '--', for this input tree: * * { * 'some/property': 'value', * 'nestedProperty': { * 'sub-property': 'value' * } * } * * it'll return this output: * * { * '--wp--some-property': 'value', * '--wp--nested-property--sub-property': 'value' * } * * @since 5.8.0 * * @param array $tree Input tree to process. * @param string $prefix Optional. Prefix to prepend to each variable. Default empty string. * @param string $token Optional. Token to use between levels. Default '--'. * @return array The flattened tree. */ protected static function flatten_tree( $tree, $prefix = '', $token = '--' ) { $result = array(); foreach ( $tree as $property => $value ) { $new_key = $prefix . str_replace( '/', '-', strtolower( _wp_to_kebab_case( $property ) ) ); if ( is_array( $value ) ) { $new_prefix = $new_key . $token; $flattened_subtree = static::flatten_tree( $value, $new_prefix, $token ); foreach ( $flattened_subtree as $subtree_key => $subtree_value ) { $result[ $subtree_key ] = $subtree_value; } } else { $result[ $new_key ] = $value; } } return $result; } /** * Given a styles array, it extracts the style properties * and adds them to the $declarations array following the format: * * array( * 'name' => 'property_name', * 'value' => 'property_value', * ) * * @since 5.8.0 * @since 5.9.0 Added the `$settings` and `$properties` parameters. * @since 6.1.0 Added `$theme_json`, `$selector`, and `$use_root_padding` parameters. * @since 6.5.0 Output a `min-height: unset` rule when `aspect-ratio` is set. * @since 6.6.0 Pass current theme JSON settings to wp_get_typography_font_size_value(), and process background properties. * @since 6.7.0 `ref` resolution of background properties, and assigning custom default values. * * @param array $styles Styles to process. * @param array $settings Theme settings. * @param array $properties Properties metadata. * @param array $theme_json Theme JSON array. * @param string $selector The style block selector. * @param boolean $use_root_padding Whether to add custom properties at root level. * @return array Returns the modified $declarations. */ protected static function compute_style_properties( $styles, $settings = array(), $properties = null, $theme_json = null, $selector = null, $use_root_padding = null ) { if ( empty( $styles ) ) { return array(); } if ( null === $properties ) { $properties = static::PROPERTIES_METADATA; } $declarations = array(); $root_variable_duplicates = array(); $root_style_length = strlen( '--wp--style--root--' ); foreach ( $properties as $css_property => $value_path ) { if ( ! is_array( $value_path ) ) { continue; } $is_root_style = str_starts_with( $css_property, '--wp--style--root--' ); if ( $is_root_style && ( static::ROOT_BLOCK_SELECTOR !== $selector || ! $use_root_padding ) ) { continue; } $value = static::get_property_value( $styles, $value_path, $theme_json ); /* * Root-level padding styles don't currently support strings with CSS shorthand values. * This may change: https://github.com/WordPress/gutenberg/issues/40132. */ if ( '--wp--style--root--padding' === $css_property && is_string( $value ) ) { continue; } if ( $is_root_style && $use_root_padding ) { $root_variable_duplicates[] = substr( $css_property, $root_style_length ); } /* * Processes background image styles. * If the value is a URL, it will be converted to a CSS `url()` value. * For uploaded image (images with a database ID), apply size and position defaults, * equal to those applied in block supports in lib/background.php. */ if ( 'background-image' === $css_property && ! empty( $value ) ) { $background_styles = wp_style_engine_get_styles( array( 'background' => array( 'backgroundImage' => $value ) ) ); $value = $background_styles['declarations'][ $css_property ]; } if ( empty( $value ) && static::ROOT_BLOCK_SELECTOR !== $selector && ! empty( $styles['background']['backgroundImage']['id'] ) ) { if ( 'background-size' === $css_property ) { $value = 'cover'; } // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'background-position' === $css_property ) { $background_size = $styles['background']['backgroundSize'] ?? null; $value = 'contain' === $background_size ? '50% 50%' : null; } } // Skip if empty and not "0" or value represents array of longhand values. $has_missing_value = empty( $value ) && ! is_numeric( $value ); if ( $has_missing_value || is_array( $value ) ) { continue; } /* * Look up protected properties, keyed by value path. * Skip protected properties that are explicitly set to `null`. */ $path_string = implode( '.', $value_path ); if ( isset( static::PROTECTED_PROPERTIES[ $path_string ] ) && _wp_array_get( $settings, static::PROTECTED_PROPERTIES[ $path_string ], null ) === null ) { continue; } // Calculates fluid typography rules where available. if ( 'font-size' === $css_property ) { /* * wp_get_typography_font_size_value() will check * if fluid typography has been activated and also * whether the incoming value can be converted to a fluid value. * Values that already have a clamp() function will not pass the test, * and therefore the original $value will be returned. * Pass the current theme_json settings to override any global settings. */ $value = wp_get_typography_font_size_value( array( 'size' => $value ), $settings ); } if ( 'aspect-ratio' === $css_property ) { // For aspect ratio to work, other dimensions rules must be unset. // This ensures that a fixed height does not override the aspect ratio. $declarations[] = array( 'name' => 'min-height', 'value' => 'unset', ); } $declarations[] = array( 'name' => $css_property, 'value' => $value, ); } // If a variable value is added to the root, the corresponding property should be removed. foreach ( $root_variable_duplicates as $duplicate ) { $discard = array_search( $duplicate, array_column( $declarations, 'name' ), true ); if ( is_numeric( $discard ) ) { array_splice( $declarations, $discard, 1 ); } } return $declarations; } /** * Returns the style property for the given path. * * It also converts references to a path to the value * stored at that location, e.g. * { "ref": "style.color.background" } => "#fff". * * @since 5.8.0 * @since 5.9.0 Added support for values of array type, which are returned as is. * @since 6.1.0 Added the `$theme_json` parameter. * @since 6.3.0 It no longer converts the internal format "var:preset|color|secondary" * to the standard form "--wp--preset--color--secondary". * This is already done by the sanitize method, * so every property will be in the standard form. * @since 6.7.0 Added support for background image refs. * * @param array $styles Styles subtree. * @param array $path Which property to process. * @param array $theme_json Theme JSON array. * @return string|array Style property value. */ protected static function get_property_value( $styles, $path, $theme_json = null ) { $value = _wp_array_get( $styles, $path, '' ); if ( '' === $value || null === $value ) { // No need to process the value further. return ''; } /* * This converts references to a path to the value at that path * where the value is an array with a "ref" key, pointing to a path. * For example: { "ref": "style.color.background" } => "#fff". * In the case of backgroundImage, if both a ref and a URL are present in the value, * the URL takes precedence and the ref is ignored. */ if ( is_array( $value ) && isset( $value['ref'] ) ) { $value_path = explode( '.', $value['ref'] ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Background Image refs can refer to a string or an array containing a URL string. $ref_value_url = $ref_value['url'] ?? null; // Only use the ref value if we find anything. if ( ! empty( $ref_value ) && ( is_string( $ref_value ) || is_string( $ref_value_url ) ) ) { $value = $ref_value; } if ( is_array( $ref_value ) && isset( $ref_value['ref'] ) ) { $path_string = json_encode( $path ); $ref_value_string = json_encode( $ref_value ); _doing_it_wrong( 'get_property_value', sprintf( /* translators: 1: theme.json, 2: Value name, 3: Value path, 4: Another value name. */ __( 'Your %1$s file uses a dynamic value (%2$s) for the path at %3$s. However, the value at %3$s is also a dynamic value (pointing to %4$s) and pointing to another dynamic value is not supported. Please update %3$s to point directly to %4$s.' ), 'theme.json', $ref_value_string, $path_string, $ref_value['ref'] ), '6.1.0' ); } } if ( is_array( $value ) ) { return $value; } return $value; } /** * Builds metadata for the setting nodes, which returns in the form of: * * [ * [ * 'path' => ['path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node' * ], * [ * 'path' => [ 'path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node' * ], * ] * * @since 5.8.0 * * @param array $theme_json The tree to extract setting nodes from. * @param array $selectors List of selectors per block. * @return array An array of setting nodes metadata. */ protected static function get_setting_nodes( $theme_json, $selectors = array() ) { $nodes = array(); if ( ! isset( $theme_json['settings'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'settings' ), 'selector' => static::ROOT_CSS_PROPERTIES_SELECTOR, ); // Calculate paths for blocks. if ( ! isset( $theme_json['settings']['blocks'] ) ) { return $nodes; } foreach ( $theme_json['settings']['blocks'] as $name => $node ) { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $nodes[] = array( 'path' => array( 'settings', 'blocks', $name ), 'selector' => $selector, ); } return $nodes; } /** * Builds metadata for the style nodes, which returns in the form of: * * [ * [ * 'path' => [ 'path', 'to', 'some', 'node' ], * 'selector' => 'CSS selector for some node', * 'duotone' => 'CSS selector for duotone for some node' * ], * [ * 'path' => ['path', 'to', 'other', 'node' ], * 'selector' => 'CSS selector for other node', * 'duotone' => null * ], * ] * * @since 5.8.0 * @since 6.6.0 Added options array for modifying generated nodes. * * @param array $theme_json The tree to extract style nodes from. * @param array $selectors List of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Includes style nodes for block style variations. Default false. * } * @return array An array of style nodes metadata. */ protected static function get_style_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles'] ) ) { return $nodes; } // Top-level. $nodes[] = array( 'path' => array( 'styles' ), 'selector' => static::ROOT_BLOCK_SELECTOR, ); if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( self::ELEMENTS as $element => $selector ) { if ( ! isset( $theme_json['styles']['elements'][ $element ] ) ) { continue; } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['elements'][ $element ][ $pseudo_selector ] ) ) { $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::append_to_selector( static::ELEMENTS[ $element ], $pseudo_selector ), ); } } } } } // Blocks. if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $block_nodes = static::get_block_nodes( $theme_json, $selectors, $options ); foreach ( $block_nodes as $block_node ) { $nodes[] = $block_node; } /** * Filters the list of style nodes with metadata. * * This allows for things like loading block CSS independently. * * @since 6.1.0 * * @param array $nodes Style nodes with metadata. */ return apply_filters( 'wp_theme_json_get_style_nodes', $nodes ); } /** * A public helper to get the block nodes from a theme.json file. * * @since 6.1.0 * * @return array The block nodes in theme.json. */ public function get_styles_block_nodes() { return static::get_block_nodes( $this->theme_json ); } /** * Returns a filtered declarations array if there is a separator block with only a background * style defined in theme.json by adding a color attribute to reflect the changes in the front. * * @since 6.1.1 * * @param array $declarations List of declarations. * @return array $declarations List of declarations filtered. */ private static function update_separator_declarations( $declarations ) { $background_color = ''; $border_color_matches = false; $text_color_matches = false; foreach ( $declarations as $declaration ) { if ( 'background-color' === $declaration['name'] && ! $background_color && isset( $declaration['value'] ) ) { $background_color = $declaration['value']; } elseif ( 'border-color' === $declaration['name'] ) { $border_color_matches = true; } elseif ( 'color' === $declaration['name'] ) { $text_color_matches = true; } if ( $background_color && $border_color_matches && $text_color_matches ) { break; } } if ( $background_color && ! $border_color_matches && ! $text_color_matches ) { $declarations[] = array( 'name' => 'color', 'value' => $background_color, ); } return $declarations; } /** * An internal method to get the block nodes from a theme.json file. * * @since 6.1.0 * @since 6.3.0 Refactored and stabilized selectors API. * @since 6.6.0 Added optional selectors and options for generating block nodes. * @since 6.7.0 Added $include_node_paths_only option. * * @param array $theme_json The theme.json converted to an array. * @param array $selectors Optional list of selectors per block. * @param array $options { * Optional. An array of options for now used for internal purposes only (may change without notice). * * @type bool $include_block_style_variations Include nodes for block style variations. Default false. * @type bool $include_node_paths_only Return only block nodes node paths. Default false. * } * @return array The block nodes in theme.json. */ private static function get_block_nodes( $theme_json, $selectors = array(), $options = array() ) { $nodes = array(); if ( ! isset( $theme_json['styles']['blocks'] ) ) { return $nodes; } $include_variations = $options['include_block_style_variations'] ?? false; $include_node_paths_only = $options['include_node_paths_only'] ?? false; // If only node paths are to be returned, skip selector assignment. if ( ! $include_node_paths_only ) { $selectors = empty( $selectors ) ? static::get_blocks_metadata() : $selectors; } foreach ( $theme_json['styles']['blocks'] as $name => $node ) { $node_path = array( 'styles', 'blocks', $name ); if ( $include_node_paths_only ) { $variation_paths = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $variation_node ) { $variation_paths[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), ); } } $node = array( 'path' => $node_path, ); if ( ! empty( $variation_paths ) ) { $node['variations'] = $variation_paths; } $nodes[] = $node; } else { $selector = null; if ( isset( $selectors[ $name ]['selector'] ) ) { $selector = $selectors[ $name ]['selector']; } $duotone_selector = null; if ( isset( $selectors[ $name ]['duotone'] ) ) { $duotone_selector = $selectors[ $name ]['duotone']; } $feature_selectors = null; if ( isset( $selectors[ $name ]['selectors'] ) ) { $feature_selectors = $selectors[ $name ]['selectors']; } $variation_selectors = array(); if ( $include_variations && isset( $node['variations'] ) ) { foreach ( $node['variations'] as $variation => $node ) { $variation_selectors[] = array( 'path' => array( 'styles', 'blocks', $name, 'variations', $variation ), 'selector' => $selectors[ $name ]['styleVariations'][ $variation ], ); } } $nodes[] = array( 'name' => $name, 'path' => $node_path, 'selector' => $selector, 'selectors' => $feature_selectors, 'duotone' => $duotone_selector, 'features' => $feature_selectors, 'variations' => $variation_selectors, 'css' => $selector, ); } if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'] ) ) { foreach ( $theme_json['styles']['blocks'][ $name ]['elements'] as $element => $node ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); if ( $include_node_paths_only ) { $nodes[] = array( 'path' => $node_path, ); continue; } $nodes[] = array( 'path' => $node_path, 'selector' => $selectors[ $name ]['elements'][ $element ], ); // Handle any pseudo selectors for the element. if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element ] as $pseudo_selector ) { if ( isset( $theme_json['styles']['blocks'][ $name ]['elements'][ $element ][ $pseudo_selector ] ) ) { $node_path = array( 'styles', 'blocks', $name, 'elements', $element ); $nodes[] = array( 'path' => $node_path, 'selector' => static::append_to_selector( $selectors[ $name ]['elements'][ $element ], $pseudo_selector ), ); } } } } } } return $nodes; } /** * Gets the CSS rules for a particular block from theme.json. * * @since 6.1.0 * @since 6.6.0 Setting a min-height of HTML when root styles have a background gradient or image. * Updated general global styles specificity to 0-1-0. * Fixed custom CSS output in block style variations. * * @param array $block_metadata Metadata about the block to get styles for. * @return string Styles for the block. */ public function get_styles_for_block( $block_metadata ) { $node = _wp_array_get( $this->theme_json, $block_metadata['path'], array() ); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; $selector = $block_metadata['selector']; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $feature_declarations = static::get_feature_declarations_for_node( $block_metadata, $node ); $is_root_selector = static::ROOT_BLOCK_SELECTOR === $selector; // If there are style variations, generate the declarations for them, including any feature selectors the block may have. $style_variation_declarations = array(); $style_variation_custom_css = array(); if ( ! empty( $block_metadata['variations'] ) ) { foreach ( $block_metadata['variations'] as $style_variation ) { $style_variation_node = _wp_array_get( $this->theme_json, $style_variation['path'], array() ); $clean_style_variation_selector = trim( $style_variation['selector'] ); // Generate any feature/subfeature style declarations for the current style variation. $variation_declarations = static::get_feature_declarations_for_node( $block_metadata, $style_variation_node ); // Combine selectors with style variation's selector and add to overall style variation declarations. foreach ( $variation_declarations as $current_selector => $new_declarations ) { /* * Clean up any whitespace between comma separated selectors. * This prevents these spaces breaking compound selectors such as: * - `.wp-block-list:not(.wp-block-list .wp-block-list)` * - `.wp-block-image img, .wp-block-image.my-class img` */ $clean_current_selector = preg_replace( '/,\s+/', ',', $current_selector ); $shortened_selector = str_replace( $block_metadata['selector'], '', $clean_current_selector ); // Prepend the variation selector to the current selector. $split_selectors = explode( ',', $shortened_selector ); $updated_selectors = array_map( static function ( $split_selector ) use ( $clean_style_variation_selector ) { return $clean_style_variation_selector . $split_selector; }, $split_selectors ); $combined_selectors = implode( ',', $updated_selectors ); // Add the new declarations to the overall results under the modified selector. $style_variation_declarations[ $combined_selectors ] = $new_declarations; } // Compute declarations for remaining styles not covered by feature level selectors. $style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json ); // Store custom CSS for the style variation. if ( isset( $style_variation_node['css'] ) ) { $style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] ); } } } /* * Get a reference to element name from path. * $block_metadata['path'] = array( 'styles','elements','link' ); * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ]. * Skip non-element paths like just ['styles']. */ $is_processing_element = in_array( 'elements', $block_metadata['path'], true ); $current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null; $element_pseudo_allowed = array(); if ( isset( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { $element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ]; } /* * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover"). * This also resets the array keys. */ $pseudo_matches = array_values( array_filter( $element_pseudo_allowed, static function ( $pseudo_selector ) use ( $selector ) { /* * Check if the pseudo selector is in the current selector, * ensuring it is not followed by a dash (e.g., :focus should not match :focus-visible). */ return preg_match( '/' . preg_quote( $pseudo_selector, '/' ) . '(?!-)/', $selector ) === 1; } ) ); $pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null; /* * If the current selector is a pseudo selector that's defined in the allow list for the current * element then compute the style properties for it. * Otherwise just compute the styles for the default selector as normal. */ if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) && isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) && in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true ) ) { $declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding ); } else { $declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding ); } $block_rules = ''; /* * 1. Bespoke declaration modifiers: * - 'filter': Separate the declarations that use the general selector * from the ones using the duotone selector. * - 'background|background-image': set the html min-height to 100% * to ensure the background covers the entire viewport. */ $declarations_duotone = array(); $should_set_root_min_height = false; foreach ( $declarations as $index => $declaration ) { if ( 'filter' === $declaration['name'] ) { /* * 'unset' filters happen when a filter is unset * in the site-editor UI. Because the 'unset' value * in the user origin overrides the value in the * theme origin, we can skip rendering anything * here as no filter needs to be applied anymore. * So only add declarations to with values other * than 'unset'. */ if ( 'unset' !== $declaration['value'] ) { $declarations_duotone[] = $declaration; } unset( $declarations[ $index ] ); } if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) { $should_set_root_min_height = true; } } /* * If root styles has a background-image or a background (gradient) set, * set the min-height to '100%'. Minus `--wp-admin--admin-bar--height` for logged-in view. * Setting the CSS rule on the HTML tag ensures background gradients and images behave similarly, * and matches the behavior of the site editor. */ if ( $should_set_root_min_height ) { $block_rules .= static::to_ruleset( 'html', array( array( 'name' => 'min-height', 'value' => 'calc(100% - var(--wp-admin--admin-bar--height, 0px))', ), ) ); } // Update declarations if there are separators with only background color defined. if ( '.wp-block-separator' === $selector ) { $declarations = static::update_separator_declarations( $declarations ); } /* * Root selector (body) styles should not be wrapped in `:root where()` to keep * specificity at (0,0,1) and maintain backwards compatibility. * * Top-level element styles using element-only specificity selectors should * not get wrapped in `:root :where()` to maintain backwards compatibility. * * Pseudo classes, e.g. :hover, :focus etc., are a class-level selector so * still need to be wrapped in `:root :where` to cap specificity for nested * variations etc. Pseudo selectors won't match the ELEMENTS selector exactly. */ $element_only_selector = $is_root_selector || ( $current_element && isset( static::ELEMENTS[ $current_element ] ) && // buttons, captions etc. still need `:root :where()` as they are class based selectors. ! isset( static::__EXPERIMENTAL_ELEMENT_CLASS_NAMES[ $current_element ] ) && static::ELEMENTS[ $current_element ] === $selector ); // 2. Generate and append the rules that use the general selector. $general_selector = $element_only_selector ? $selector : ":root :where($selector)"; $block_rules .= static::to_ruleset( $general_selector, $declarations ); // 3. Generate and append the rules that use the duotone selector. if ( isset( $block_metadata['duotone'] ) && ! empty( $declarations_duotone ) ) { $block_rules .= static::to_ruleset( $block_metadata['duotone'], $declarations_duotone ); } // 4. Generate Layout block gap styles. if ( ! $is_root_selector && ! empty( $block_metadata['name'] ) ) { $block_rules .= $this->get_layout_styles( $block_metadata ); } // 5. Generate and append the feature level rulesets. foreach ( $feature_declarations as $feature_selector => $individual_feature_declarations ) { $block_rules .= static::to_ruleset( ":root :where($feature_selector)", $individual_feature_declarations ); } // 6. Generate and append the style variation rulesets. foreach ( $style_variation_declarations as $style_variation_selector => $individual_style_variation_declarations ) { $block_rules .= static::to_ruleset( ":root :where($style_variation_selector)", $individual_style_variation_declarations ); if ( isset( $style_variation_custom_css[ $style_variation_selector ] ) ) { $block_rules .= $style_variation_custom_css[ $style_variation_selector ]; } } // 7. Generate and append any custom CSS rules. if ( isset( $node['css'] ) && ! $is_root_selector ) { $block_rules .= $this->process_blocks_custom_css( $node['css'], $selector ); } return $block_rules; } /** * Outputs the CSS for layout rules on the root. * * @since 6.1.0 * @since 6.6.0 Use `ROOT_CSS_PROPERTIES_SELECTOR` for CSS custom properties and improved consistency of root padding rules. * Updated specificity of body margin reset and first/last child selectors. * * @param string $selector The root node selector. * @param array $block_metadata The metadata for the root block. * @return string The additional root rules CSS. */ public function get_root_layout_rules( $selector, $block_metadata ) { $css = ''; $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); $use_root_padding = isset( $this->theme_json['settings']['useRootPaddingAwareAlignments'] ) && true === $this->theme_json['settings']['useRootPaddingAwareAlignments']; /* * If there are content and wide widths in theme.json, output them * as custom properties on the body element so all blocks can use them. */ if ( isset( $settings['layout']['contentSize'] ) || isset( $settings['layout']['wideSize'] ) ) { $content_size = isset( $settings['layout']['contentSize'] ) ? $settings['layout']['contentSize'] : $settings['layout']['wideSize']; $content_size = static::is_safe_css_declaration( 'max-width', $content_size ) ? $content_size : 'initial'; $wide_size = isset( $settings['layout']['wideSize'] ) ? $settings['layout']['wideSize'] : $settings['layout']['contentSize']; $wide_size = static::is_safe_css_declaration( 'max-width', $wide_size ) ? $wide_size : 'initial'; $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . ' { --wp--style--global--content-size: ' . $content_size . ';'; $css .= '--wp--style--global--wide-size: ' . $wide_size . '; }'; } /* * Reset default browser margin on the body element. * This is set on the body selector **before** generating the ruleset * from the `theme.json`. This is to ensure that if the `theme.json` declares * `margin` in its `spacing` declaration for the `body` element then these * user-generated values take precedence in the CSS cascade. * @link https://github.com/WordPress/gutenberg/issues/36147. */ $css .= ':where(body) { margin: 0; }'; if ( $use_root_padding ) { // Top and bottom padding are applied to the outer block container. $css .= '.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }'; // Right and left padding are applied to the first container with `.has-global-padding` class. $css .= '.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }'; // Alignfull children of the container with left and right padding have negative margins so they can still be full width. $css .= '.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }'; // Nested children of the container with left and right padding that are not full aligned do not get padding, unless they are direct children of an alignfull flow container. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) { padding-right: 0; padding-left: 0; }'; // Alignfull direct children of the containers that are targeted by the rule above do not need negative margins. $css .= '.has-global-padding :where(:not(.alignfull.is-layout-flow) > .has-global-padding:not(.wp-block-block, .alignfull)) > .alignfull { margin-left: 0; margin-right: 0; }'; } $css .= '.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }'; $css .= '.wp-site-blocks > .alignright { float: right; margin-left: 2em; }'; $css .= '.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }'; // Block gap styles will be output unless explicitly set to `null`. See static::PROTECTED_PROPERTIES. if ( isset( $this->theme_json['settings']['spacing']['blockGap'] ) ) { $block_gap_value = static::get_property_value( $this->theme_json, array( 'styles', 'spacing', 'blockGap' ) ); $css .= ":where(.wp-site-blocks) > * { margin-block-start: $block_gap_value; margin-block-end: 0; }"; $css .= ':where(.wp-site-blocks) > :first-child { margin-block-start: 0; }'; $css .= ':where(.wp-site-blocks) > :last-child { margin-block-end: 0; }'; // For backwards compatibility, ensure the legacy block gap CSS variable is still available. $css .= static::ROOT_CSS_PROPERTIES_SELECTOR . " { --wp--style--block-gap: $block_gap_value; }"; } $css .= $this->get_layout_styles( $block_metadata ); return $css; } /** * For metadata values that can either be booleans or paths to booleans, gets the value. * * $data = array( * 'color' => array( * 'defaultPalette' => true * ) * ); * * static::get_metadata_boolean( $data, false ); * // => false * * static::get_metadata_boolean( $data, array( 'color', 'defaultPalette' ) ); * // => true * * @since 6.0.0 * * @param array $data The data to inspect. * @param bool|array $path Boolean or path to a boolean. * @param bool $default_value Default value if the referenced path is missing. * Default false. * @return bool Value of boolean metadata. */ protected static function get_metadata_boolean( $data, $path, $default_value = false ) { if ( is_bool( $path ) ) { return $path; } if ( is_array( $path ) ) { $value = _wp_array_get( $data, $path ); if ( null !== $value ) { return $value; } } return $default_value; } /** * Merges new incoming data. * * @since 5.8.0 * @since 5.9.0 Duotone preset also has origins. * @since 6.7.0 Replace background image objects during merge. * * @param WP_Theme_JSON $incoming Data to merge. */ public function merge( $incoming ) { $incoming_data = $incoming->get_raw_data(); $this->theme_json = array_replace_recursive( $this->theme_json, $incoming_data ); /* * Recompute all the spacing sizes based on the new hierarchy of data. In the constructor * spacingScale and spacingSizes are both keyed by origin and VALID_ORIGINS is ordered, so * we can allow partial spacingScale data to inherit missing data from earlier layers when * computing the spacing sizes. * * This happens before the presets are merged to ensure that default spacing sizes can be * removed from the theme origin if $prevent_override is true. */ $flattened_spacing_scale = array(); foreach ( static::VALID_ORIGINS as $origin ) { $scale_path = array( 'settings', 'spacing', 'spacingScale', $origin ); // Apply the base spacing scale to the current layer. $base_spacing_scale = _wp_array_get( $this->theme_json, $scale_path, array() ); $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $base_spacing_scale ); $spacing_scale = _wp_array_get( $incoming_data, $scale_path, null ); if ( ! isset( $spacing_scale ) ) { continue; } // Allow partial scale settings by merging with lower layers. $flattened_spacing_scale = array_replace( $flattened_spacing_scale, $spacing_scale ); // Generate and merge the scales for this layer. $sizes_path = array( 'settings', 'spacing', 'spacingSizes', $origin ); $spacing_sizes = _wp_array_get( $incoming_data, $sizes_path, array() ); $spacing_scale_sizes = static::compute_spacing_sizes( $flattened_spacing_scale ); $merged_spacing_sizes = static::merge_spacing_sizes( $spacing_scale_sizes, $spacing_sizes ); _wp_array_set( $incoming_data, $sizes_path, $merged_spacing_sizes ); } /* * The array_replace_recursive algorithm merges at the leaf level, * but we don't want leaf arrays to be merged, so we overwrite it. * * For leaf values that are sequential arrays it will use the numeric indexes for replacement. * We rather replace the existing with the incoming value, if it exists. * This is the case of spacing.units. * * For leaf values that are associative arrays it will merge them as expected. * This is also not the behavior we want for the current associative arrays (presets). * We rather replace the existing with the incoming value, if it exists. * This happens, for example, when we merge data from theme.json upon existing * theme supports or when we merge anything coming from the same source twice. * This is the case of color.palette, color.gradients, color.duotone, * typography.fontSizes, or typography.fontFamilies. * * Additionally, for some preset types, we also want to make sure the * values they introduce don't conflict with default values. We do so * by checking the incoming slugs for theme presets and compare them * with the equivalent default presets: if a slug is present as a default * we remove it from the theme presets. */ $nodes = static::get_setting_nodes( $incoming_data ); $slugs_global = static::get_default_slugs( $this->theme_json, array( 'settings' ) ); foreach ( $nodes as $node ) { // Replace the spacing.units. $path = $node['path']; $path[] = 'spacing'; $path[] = 'units'; $content = _wp_array_get( $incoming_data, $path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $path, $content ); } // Replace the presets. foreach ( static::PRESETS_METADATA as $preset_metadata ) { $prevent_override = $preset_metadata['prevent_override']; if ( is_array( $prevent_override ) ) { $global_path = array_merge( array( 'settings' ), $prevent_override ); $global_value = _wp_array_get( $this->theme_json, $global_path, null ); $node_level_path = array_merge( $node['path'], $prevent_override ); $prevent_override = _wp_array_get( $this->theme_json, $node_level_path, $global_value ); } foreach ( static::VALID_ORIGINS as $origin ) { $base_path = $node['path']; foreach ( $preset_metadata['path'] as $leaf ) { $base_path[] = $leaf; } $path = $base_path; $path[] = $origin; $content = _wp_array_get( $incoming_data, $path, null ); if ( ! isset( $content ) ) { continue; } // Set names for theme presets based on the slug if they are not set and can use default names. if ( 'theme' === $origin && $preset_metadata['use_default_names'] ) { foreach ( $content as $key => $item ) { if ( ! isset( $item['name'] ) ) { $name = static::get_name_from_defaults( $item['slug'], $base_path ); if ( null !== $name ) { $content[ $key ]['name'] = $name; } } } } // Filter out default slugs from theme presets when defaults should not be overridden. if ( 'theme' === $origin && $prevent_override ) { $slugs_node = static::get_default_slugs( $this->theme_json, $node['path'] ); $preset_global = _wp_array_get( $slugs_global, $preset_metadata['path'], array() ); $preset_node = _wp_array_get( $slugs_node, $preset_metadata['path'], array() ); $preset_slugs = array_merge_recursive( $preset_global, $preset_node ); $content = static::filter_slugs( $content, $preset_slugs ); } _wp_array_set( $this->theme_json, $path, $content ); } } } /* * Style values are merged at the leaf level, however * some values provide exceptions, namely style values that are * objects and represent unique definitions for the style. */ $style_nodes = static::get_block_nodes( $this->theme_json, array(), array( 'include_node_paths_only' => true ) ); // Add top-level styles. $style_nodes[] = array( 'path' => array( 'styles' ) ); foreach ( $style_nodes as $style_node ) { $path = $style_node['path']; /* * Background image styles should be replaced, not merged, * as they themselves are specific object definitions for the style. */ $background_image_path = array_merge( $path, static::PROPERTIES_METADATA['background-image'] ); $content = _wp_array_get( $incoming_data, $background_image_path, null ); if ( isset( $content ) ) { _wp_array_set( $this->theme_json, $background_image_path, $content ); } } } /** * Converts all filter (duotone) presets into SVGs. * * @since 5.9.1 * * @param array $origins List of origins to process. * @return string SVG filters. */ public function get_svg_filters( $origins ) { $blocks_metadata = static::get_blocks_metadata(); $setting_nodes = static::get_setting_nodes( $this->theme_json, $blocks_metadata ); $filters = ''; foreach ( $setting_nodes as $metadata ) { $node = _wp_array_get( $this->theme_json, $metadata['path'], array() ); if ( empty( $node['color']['duotone'] ) ) { continue; } $duotone_presets = $node['color']['duotone']; foreach ( $origins as $origin ) { if ( ! isset( $duotone_presets[ $origin ] ) ) { continue; } foreach ( $duotone_presets[ $origin ] as $duotone_preset ) { $filters .= WP_Duotone::get_filter_svg_from_preset( $duotone_preset ); } } } return $filters; } /** * Determines whether a presets should be overridden or not. * * @since 5.9.0 * @deprecated 6.0.0 Use {@see 'get_metadata_boolean'} instead. * * @param array $theme_json The theme.json like structure to inspect. * @param array $path Path to inspect. * @param bool|array $override Data to compute whether to override the preset. * @return bool */ protected static function should_override_preset( $theme_json, $path, $override ) { _deprecated_function( __METHOD__, '6.0.0', 'get_metadata_boolean' ); if ( is_bool( $override ) ) { return $override; } /* * The relationship between whether to override the defaults * and whether the defaults are enabled is inverse: * * - If defaults are enabled => theme presets should not be overridden * - If defaults are disabled => theme presets should be overridden * * For example, a theme sets defaultPalette to false, * making the default palette hidden from the user. * In that case, we want all the theme presets to be present, * so they should override the defaults. */ if ( is_array( $override ) ) { $value = _wp_array_get( $theme_json, array_merge( $path, $override ) ); if ( isset( $value ) ) { return ! $value; } // Search the top-level key if none was found for this node. $value = _wp_array_get( $theme_json, array_merge( array( 'settings' ), $override ) ); if ( isset( $value ) ) { return ! $value; } return true; } } /** * Returns the default slugs for all the presets in an associative array * whose keys are the preset paths and the leaves is the list of slugs. * * For example: * * array( * 'color' => array( * 'palette' => array( 'slug-1', 'slug-2' ), * 'gradients' => array( 'slug-3', 'slug-4' ), * ), * ) * * @since 5.9.0 * * @param array $data A theme.json like structure. * @param array $node_path The path to inspect. It's 'settings' by default. * @return array */ protected static function get_default_slugs( $data, $node_path ) { $slugs = array(); foreach ( static::PRESETS_METADATA as $metadata ) { $path = $node_path; foreach ( $metadata['path'] as $leaf ) { $path[] = $leaf; } $path[] = 'default'; $preset = _wp_array_get( $data, $path, null ); if ( ! isset( $preset ) ) { continue; } $slugs_for_preset = array(); foreach ( $preset as $item ) { if ( isset( $item['slug'] ) ) { $slugs_for_preset[] = $item['slug']; } } _wp_array_set( $slugs, $metadata['path'], $slugs_for_preset ); } return $slugs; } /** * Gets a `default`'s preset name by a provided slug. * * @since 5.9.0 * * @param string $slug The slug we want to find a match from default presets. * @param array $base_path The path to inspect. It's 'settings' by default. * @return string|null */ protected function get_name_from_defaults( $slug, $base_path ) { $path = $base_path; $path[] = 'default'; $default_content = _wp_array_get( $this->theme_json, $path, null ); if ( ! $default_content ) { return null; } foreach ( $default_content as $item ) { if ( $slug === $item['slug'] ) { return $item['name']; } } return null; } /** * Removes the preset values whose slug is equal to any of given slugs. * * @since 5.9.0 * * @param array $node The node with the presets to validate. * @param array $slugs The slugs that should not be overridden. * @return array The new node. */ protected static function filter_slugs( $node, $slugs ) { if ( empty( $slugs ) ) { return $node; } $new_node = array(); foreach ( $node as $value ) { if ( isset( $value['slug'] ) && ! in_array( $value['slug'], $slugs, true ) ) { $new_node[] = $value; } } return $new_node; } /** * Removes insecure data from theme.json. * * @since 5.9.0 * @since 6.3.2 Preserves global styles block variations when securing styles. * @since 6.6.0 Updated to allow variation element styles and $origin parameter. * * @param array $theme_json Structure to sanitize. * @param string $origin Optional. What source of data this object represents. * One of 'blocks', 'default', 'theme', or 'custom'. Default 'theme'. * @return array Sanitized structure. */ public static function remove_insecure_properties( $theme_json, $origin = 'theme' ) { if ( ! in_array( $origin, static::VALID_ORIGINS, true ) ) { $origin = 'theme'; } $sanitized = array(); $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json, $origin ); $blocks_metadata = static::get_blocks_metadata(); $valid_block_names = array_keys( $blocks_metadata ); $valid_element_names = array_keys( static::ELEMENTS ); $valid_variations = static::get_valid_block_style_variations( $blocks_metadata ); $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names, $valid_variations ); $blocks_metadata = static::get_blocks_metadata(); $style_options = array( 'include_block_style_variations' => true ); // Allow variations data. $style_nodes = static::get_style_nodes( $theme_json, $blocks_metadata, $style_options ); foreach ( $style_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } // The global styles custom CSS is not sanitized, but can only be edited by users with 'edit_css' capability. if ( isset( $input['css'] ) && current_user_can( 'edit_css' ) ) { $output = $input; } else { $output = static::remove_insecure_styles( $input ); } /* * Get a reference to element name from path. * $metadata['path'] = array( 'styles', 'elements', 'link' ); */ $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ]; /* * $output is stripped of pseudo selectors. Re-add and process them * or insecure styles here. */ if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) { if ( isset( $input[ $pseudo_selector ] ) ) { $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] ); } } } if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } if ( isset( $metadata['variations'] ) ) { foreach ( $metadata['variations'] as $variation ) { $variation_input = _wp_array_get( $theme_json, $variation['path'], array() ); if ( empty( $variation_input ) ) { continue; } $variation_output = static::remove_insecure_styles( $variation_input ); if ( isset( $variation_input['blocks'] ) ) { $variation_output['blocks'] = static::remove_insecure_inner_block_styles( $variation_input['blocks'] ); } if ( isset( $variation_input['elements'] ) ) { $variation_output['elements'] = static::remove_insecure_element_styles( $variation_input['elements'] ); } if ( ! empty( $variation_output ) ) { _wp_array_set( $sanitized, $variation['path'], $variation_output ); } } } } $setting_nodes = static::get_setting_nodes( $theme_json ); foreach ( $setting_nodes as $metadata ) { $input = _wp_array_get( $theme_json, $metadata['path'], array() ); if ( empty( $input ) ) { continue; } $output = static::remove_insecure_settings( $input ); if ( ! empty( $output ) ) { _wp_array_set( $sanitized, $metadata['path'], $output ); } } if ( empty( $sanitized['styles'] ) ) { unset( $theme_json['styles'] ); } else { $theme_json['styles'] = $sanitized['styles']; } if ( empty( $sanitized['settings'] ) ) { unset( $theme_json['settings'] ); } else { $theme_json['settings'] = $sanitized['settings']; } return $theme_json; } /** * Remove insecure element styles within a variation or block. * * @since 6.8.0 * * @param array $elements The elements to process. * @return array The sanitized elements styles. */ protected static function remove_insecure_element_styles( $elements ) { $sanitized = array(); $valid_element_names = array_keys( static::ELEMENTS ); foreach ( $valid_element_names as $element_name ) { $element_input = $elements[ $element_name ] ?? null; if ( $element_input ) { $element_output = static::remove_insecure_styles( $element_input ); if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] ) ) { foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $element_name ] as $pseudo_selector ) { if ( isset( $element_input[ $pseudo_selector ] ) ) { $element_output[ $pseudo_selector ] = static::remove_insecure_styles( $element_input[ $pseudo_selector ] ); } } } $sanitized[ $element_name ] = $element_output; } } return $sanitized; } /** * Remove insecure styles from inner blocks and their elements. * * @since 6.8.0 * * @param array $blocks The block styles to process. * @return array Sanitized block type styles. */ protected static function remove_insecure_inner_block_styles( $blocks ) { $sanitized = array(); foreach ( $blocks as $block_type => $block_input ) { $block_output = static::remove_insecure_styles( $block_input ); if ( isset( $block_input['elements'] ) ) { $block_output['elements'] = static::remove_insecure_element_styles( $block_input['elements'] ); } $sanitized[ $block_type ] = $block_output; } return $sanitized; } /** * Processes a setting node and returns the same node * without the insecure settings. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_settings( $input ) { $output = array(); foreach ( static::PRESETS_METADATA as $preset_metadata ) { foreach ( static::VALID_ORIGINS as $origin ) { $path_with_origin = $preset_metadata['path']; $path_with_origin[] = $origin; $presets = _wp_array_get( $input, $path_with_origin, null ); if ( null === $presets ) { continue; } $escaped_preset = array(); foreach ( $presets as $preset ) { if ( esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] && sanitize_html_class( $preset['slug'] ) === $preset['slug'] ) { $value = null; if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) { $value = $preset[ $preset_metadata['value_key'] ]; } elseif ( isset( $preset_metadata['value_func'] ) && is_callable( $preset_metadata['value_func'] ) ) { $value = call_user_func( $preset_metadata['value_func'], $preset ); } $preset_is_valid = true; foreach ( $preset_metadata['properties'] as $property ) { if ( ! static::is_safe_css_declaration( $property, $value ) ) { $preset_is_valid = false; break; } } if ( $preset_is_valid ) { $escaped_preset[] = $preset; } } } if ( ! empty( $escaped_preset ) ) { _wp_array_set( $output, $path_with_origin, $escaped_preset ); } } } // Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Processes a style node and returns the same node * without the insecure styles. * * @since 5.9.0 * * @param array $input Node to process. * @return array */ protected static function remove_insecure_styles( $input ) { $output = array(); $declarations = static::compute_style_properties( $input ); foreach ( $declarations as $declaration ) { if ( static::is_safe_css_declaration( $declaration['name'], $declaration['value'] ) ) { $path = static::PROPERTIES_METADATA[ $declaration['name'] ]; /* * Check the value isn't an array before adding so as to not * double up shorthand and longhand styles. */ $value = _wp_array_get( $input, $path, array() ); if ( ! is_array( $value ) ) { _wp_array_set( $output, $path, $value ); } } } // Ensure indirect properties not handled by `compute_style_properties` are allowed. static::remove_indirect_properties( $input, $output ); return $output; } /** * Checks that a declaration provided by the user is safe. * * @since 5.9.0 * * @param string $property_name Property name in a CSS declaration, i.e. the `color` in `color: red`. * @param string $property_value Value in a CSS declaration, i.e. the `red` in `color: red`. * @return bool */ protected static function is_safe_css_declaration( $property_name, $property_value ) { $style_to_validate = $property_name . ': ' . $property_value; $filtered = esc_html( safecss_filter_attr( $style_to_validate ) ); return ! empty( trim( $filtered ) ); } /** * Removes indirect properties from the given input node and * sets in the given output node. * * @since 6.2.0 * * @param array $input Node to process. * @param array $output The processed node. Passed by reference. */ private static function remove_indirect_properties( $input, &$output ) { foreach ( static::INDIRECT_PROPERTIES_METADATA as $property => $paths ) { foreach ( $paths as $path ) { $value = _wp_array_get( $input, $path ); if ( is_string( $value ) && static::is_safe_css_declaration( $property, $value ) ) { _wp_array_set( $output, $path, $value ); } } } } /** * Returns the raw data. * * @since 5.8.0 * * @return array Raw data. */ public function get_raw_data() { return $this->theme_json; } /** * Transforms the given editor settings according the * add_theme_support format to the theme.json format. * * @since 5.8.0 * * @param array $settings Existing editor settings. * @return array Config that adheres to the theme.json schema. */ public static function get_from_editor_settings( $settings ) { $theme_settings = array( 'version' => static::LATEST_SCHEMA, 'settings' => array(), ); // Deprecated theme supports. if ( isset( $settings['disableCustomColors'] ) ) { $theme_settings['settings']['color']['custom'] = ! $settings['disableCustomColors']; } if ( isset( $settings['disableCustomGradients'] ) ) { $theme_settings['settings']['color']['customGradient'] = ! $settings['disableCustomGradients']; } if ( isset( $settings['disableCustomFontSizes'] ) ) { $theme_settings['settings']['typography']['customFontSize'] = ! $settings['disableCustomFontSizes']; } if ( isset( $settings['enableCustomLineHeight'] ) ) { $theme_settings['settings']['typography']['lineHeight'] = $settings['enableCustomLineHeight']; } if ( isset( $settings['enableCustomUnits'] ) ) { $theme_settings['settings']['spacing']['units'] = ( true === $settings['enableCustomUnits'] ) ? array( 'px', 'em', 'rem', 'vh', 'vw', '%' ) : $settings['enableCustomUnits']; } if ( isset( $settings['colors'] ) ) { $theme_settings['settings']['color']['palette'] = $settings['colors']; } if ( isset( $settings['gradients'] ) ) { $theme_settings['settings']['color']['gradients'] = $settings['gradients']; } if ( isset( $settings['fontSizes'] ) ) { $font_sizes = $settings['fontSizes']; // Back-compatibility for presets without units. foreach ( $font_sizes as $key => $font_size ) { if ( is_numeric( $font_size['size'] ) ) { $font_sizes[ $key ]['size'] = $font_size['size'] . 'px'; } } $theme_settings['settings']['typography']['fontSizes'] = $font_sizes; } if ( isset( $settings['enableCustomSpacing'] ) ) { $theme_settings['settings']['spacing']['padding'] = $settings['enableCustomSpacing']; } if ( isset( $settings['spacingSizes'] ) ) { $theme_settings['settings']['spacing']['spacingSizes'] = $settings['spacingSizes']; } return $theme_settings; } /** * Returns the current theme's wanted patterns(slugs) to be * registered from Pattern Directory. * * @since 6.0.0 * * @return string[] */ public function get_patterns() { if ( isset( $this->theme_json['patterns'] ) && is_array( $this->theme_json['patterns'] ) ) { return $this->theme_json['patterns']; } return array(); } /** * Returns a valid theme.json as provided by a theme. * * Unlike get_raw_data() this returns the presets flattened, as provided by a theme. * This also uses appearanceTools instead of their opt-ins if all of them are true. * * @since 6.0.0 * * @return array */ public function get_data() { $output = $this->theme_json; $nodes = static::get_setting_nodes( $output ); /** * Flatten the theme & custom origins into a single one. * * For example, the following: * * { * "settings": { * "color": { * "palette": { * "theme": [ {} ], * "custom": [ {} ] * } * } * } * } * * will be converted to: * * { * "settings": { * "color": { * "palette": [ {} ] * } * } * } */ foreach ( $nodes as $node ) { foreach ( static::PRESETS_METADATA as $preset_metadata ) { $path = $node['path']; foreach ( $preset_metadata['path'] as $preset_metadata_path ) { $path[] = $preset_metadata_path; } $preset = _wp_array_get( $output, $path, null ); if ( null === $preset ) { continue; } $items = array(); if ( isset( $preset['theme'] ) ) { foreach ( $preset['theme'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } if ( isset( $preset['custom'] ) ) { foreach ( $preset['custom'] as $item ) { $slug = $item['slug']; unset( $item['slug'] ); $items[ $slug ] = $item; } } $flattened_preset = array(); foreach ( $items as $slug => $value ) { $flattened_preset[] = array_merge( array( 'slug' => (string) $slug ), $value ); } _wp_array_set( $output, $path, $flattened_preset ); } } /* * If all of the static::APPEARANCE_TOOLS_OPT_INS are true, * this code unsets them and sets 'appearanceTools' instead. */ foreach ( $nodes as $node ) { $all_opt_ins_are_set = true; foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( 'unset prop' === $opt_in_value ) { $all_opt_ins_are_set = false; break; } } if ( $all_opt_ins_are_set ) { $node_path_with_appearance_tools = $node['path']; $node_path_with_appearance_tools[] = 'appearanceTools'; _wp_array_set( $output, $node_path_with_appearance_tools, true ); foreach ( static::APPEARANCE_TOOLS_OPT_INS as $opt_in_path ) { $full_path = $node['path']; foreach ( $opt_in_path as $opt_in_path_item ) { $full_path[] = $opt_in_path_item; } /* * Use "unset prop" as a marker instead of "null" because * "null" can be a valid value for some props (e.g. blockGap). */ $opt_in_value = _wp_array_get( $output, $full_path, 'unset prop' ); if ( true !== $opt_in_value ) { continue; } /* * The following could be improved to be path independent. * At the moment it relies on a couple of assumptions: * * - all opt-ins having a path of size 2. * - there's two sources of settings: the top-level and the block-level. */ if ( ( 1 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) ) { // Top-level settings. unset( $output['settings'][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings'][ $opt_in_path[0] ] ) ) { unset( $output['settings'][ $opt_in_path[0] ] ); } } elseif ( ( 3 === count( $node['path'] ) ) && ( 'settings' === $node['path'][0] ) && ( 'blocks' === $node['path'][1] ) ) { // Block-level settings. $block_name = $node['path'][2]; unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ][ $opt_in_path[1] ] ); if ( empty( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ) ) { unset( $output['settings']['blocks'][ $block_name ][ $opt_in_path[0] ] ); } } } } } wp_recursive_ksort( $output ); return $output; } /** * Sets the spacingSizes array based on the spacingScale values from theme.json. * * @since 6.1.0 * @deprecated 6.6.0 No longer used as the spacingSizes are automatically * generated in the constructor and merge methods instead * of manually after instantiation. * * @return null|void */ public function set_spacing_sizes() { _deprecated_function( __METHOD__, '6.6.0' ); $spacing_scale = isset( $this->theme_json['settings']['spacing']['spacingScale'] ) ? $this->theme_json['settings']['spacing']['spacingScale'] : array(); if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || ! isset( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) ) { if ( ! empty( $spacing_scale ) ) { wp_trigger_error( __METHOD__, sprintf( /* translators: 1: theme.json, 2: settings.spacing.spacingScale */ __( 'Some of the %1$s %2$s values are invalid' ), 'theme.json', 'settings.spacing.spacingScale' ), E_USER_NOTICE ); } return null; } // If theme authors want to prevent the generation of the core spacing scale they can set their theme.json spacingScale.steps to 0. if ( 0 === $spacing_scale['steps'] ) { return null; } $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); // If there are 7 or fewer steps in the scale revert to numbers for labels instead of t-shirt sizes. if ( $spacing_scale['steps'] <= 7 ) { for ( $spacing_sizes_count = 0; $spacing_sizes_count < count( $spacing_sizes ); $spacing_sizes_count++ ) { $spacing_sizes[ $spacing_sizes_count ]['name'] = (string) ( $spacing_sizes_count + 1 ); } } _wp_array_set( $this->theme_json, array( 'settings', 'spacing', 'spacingSizes', 'default' ), $spacing_sizes ); } /** * Merges two sets of spacing size presets. * * @since 6.6.0 * * @param array $base The base set of spacing sizes. * @param array $incoming The set of spacing sizes to merge with the base. Duplicate slugs will override the base values. * @return array The merged set of spacing sizes. */ private static function merge_spacing_sizes( $base, $incoming ) { // Preserve the order if there are no base (spacingScale) values. if ( empty( $base ) ) { return $incoming; } $merged = array(); foreach ( $base as $item ) { $merged[ $item['slug'] ] = $item; } foreach ( $incoming as $item ) { $merged[ $item['slug'] ] = $item; } ksort( $merged, SORT_NUMERIC ); return array_values( $merged ); } /** * Generates a set of spacing sizes by starting with a medium size and * applying an operator with an increment value to generate the rest of the * sizes outward from the medium size. The medium slug is '50' with the rest * of the slugs being 10 apart. The generated names use t-shirt sizing. * * Example: * * $spacing_scale = array( * 'steps' => 4, * 'mediumStep' => 16, * 'unit' => 'px', * 'operator' => '+', * 'increment' => 2, * ); * $spacing_sizes = static::compute_spacing_sizes( $spacing_scale ); * // -> array( * // array( 'name' => 'Small', 'slug' => '40', 'size' => '14px' ), * // array( 'name' => 'Medium', 'slug' => '50', 'size' => '16px' ), * // array( 'name' => 'Large', 'slug' => '60', 'size' => '18px' ), * // array( 'name' => 'X-Large', 'slug' => '70', 'size' => '20px' ), * // ) * * @since 6.6.0 * * @param array $spacing_scale { * The spacing scale values. All are required. * * @type int $steps The number of steps in the scale. (up to 10 steps are supported.) * @type float $mediumStep The middle value that gets the slug '50'. (For even number of steps, this becomes the first middle value.) * @type string $unit The CSS unit to use for the sizes. * @type string $operator The mathematical operator to apply to generate the other sizes. Either '+' or '*'. * @type float $increment The value used with the operator to generate the other sizes. * } * @return array The spacing sizes presets or an empty array if some spacing scale values are missing or invalid. */ private static function compute_spacing_sizes( $spacing_scale ) { /* * This condition is intentionally missing some checks on ranges for the values in order to * keep backwards compatibility with the previous implementation. */ if ( ! isset( $spacing_scale['steps'] ) || ! is_numeric( $spacing_scale['steps'] ) || 0 === $spacing_scale['steps'] || ! isset( $spacing_scale['mediumStep'] ) || ! is_numeric( $spacing_scale['mediumStep'] ) || ! isset( $spacing_scale['unit'] ) || ! isset( $spacing_scale['operator'] ) || ( '+' !== $spacing_scale['operator'] && '*' !== $spacing_scale['operator'] ) || ! isset( $spacing_scale['increment'] ) || ! is_numeric( $spacing_scale['increment'] ) ) { return array(); } $unit = '%' === $spacing_scale['unit'] ? '%' : sanitize_title( $spacing_scale['unit'] ); $current_step = $spacing_scale['mediumStep']; $steps_mid_point = round( $spacing_scale['steps'] / 2, 0 ); $x_small_count = null; $below_sizes = array(); $slug = 40; $remainder = 0; for ( $below_midpoint_count = $steps_mid_point - 1; $spacing_scale['steps'] > 1 && $slug > 0 && $below_midpoint_count > 0; $below_midpoint_count-- ) { if ( '+' === $spacing_scale['operator'] ) { $current_step -= $spacing_scale['increment']; } elseif ( $spacing_scale['increment'] > 1 ) { $current_step /= $spacing_scale['increment']; } else { $current_step *= $spacing_scale['increment']; } if ( $current_step <= 0 ) { $remainder = $below_midpoint_count; break; } $below_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Small. */ 'name' => $below_midpoint_count === $steps_mid_point - 1 ? __( 'Small' ) : sprintf( __( '%sX-Small' ), (string) $x_small_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( $below_midpoint_count === $steps_mid_point - 2 ) { $x_small_count = 2; } if ( $below_midpoint_count < $steps_mid_point - 2 ) { ++$x_small_count; } $slug -= 10; } $below_sizes = array_reverse( $below_sizes ); $below_sizes[] = array( 'name' => __( 'Medium' ), 'slug' => '50', 'size' => $spacing_scale['mediumStep'] . $unit, ); $current_step = $spacing_scale['mediumStep']; $x_large_count = null; $above_sizes = array(); $slug = 60; $steps_above = ( $spacing_scale['steps'] - $steps_mid_point ) + $remainder; for ( $above_midpoint_count = 0; $above_midpoint_count < $steps_above; $above_midpoint_count++ ) { $current_step = '+' === $spacing_scale['operator'] ? $current_step + $spacing_scale['increment'] : ( $spacing_scale['increment'] >= 1 ? $current_step * $spacing_scale['increment'] : $current_step / $spacing_scale['increment'] ); $above_sizes[] = array( /* translators: %s: Digit to indicate multiple of sizing, eg. 2X-Large. */ 'name' => 0 === $above_midpoint_count ? __( 'Large' ) : sprintf( __( '%sX-Large' ), (string) $x_large_count ), 'slug' => (string) $slug, 'size' => round( $current_step, 2 ) . $unit, ); if ( 1 === $above_midpoint_count ) { $x_large_count = 2; } if ( $above_midpoint_count > 1 ) { ++$x_large_count; } $slug += 10; } $spacing_sizes = $below_sizes; foreach ( $above_sizes as $above_sizes_item ) { $spacing_sizes[] = $above_sizes_item; } return $spacing_sizes; } /** * This is used to convert the internal representation of variables to the CSS representation. * For example, `var:preset|color|vivid-green-cyan` becomes `var(--wp--preset--color--vivid-green-cyan)`. * * @since 6.3.0 * * @param string $value The variable such as var:preset|color|vivid-green-cyan to convert. * @return string The converted variable. */ private static function convert_custom_properties( $value ) { $prefix = 'var:'; $prefix_len = strlen( $prefix ); $token_in = '|'; $token_out = '--'; if ( str_starts_with( $value, $prefix ) ) { $unwrapped_name = str_replace( $token_in, $token_out, substr( $value, $prefix_len ) ); $value = "var(--wp--$unwrapped_name)"; } return $value; } /** * Given a tree, converts the internal representation of variables to the CSS representation. * It is recursive and modifies the input in-place. * * @since 6.3.0 * * @param array $tree Input to process. * @return array The modified $tree. */ private static function resolve_custom_css_format( $tree ) { $prefix = 'var:'; foreach ( $tree as $key => $data ) { if ( is_string( $data ) && str_starts_with( $data, $prefix ) ) { $tree[ $key ] = self::convert_custom_properties( $data ); } elseif ( is_array( $data ) ) { $tree[ $key ] = self::resolve_custom_css_format( $data ); } } return $tree; } /** * Returns the selectors metadata for a block. * * @since 6.3.0 * * @param object $block_type The block type. * @param string $root_selector The block's root selector. * @return array The custom selectors set by the block. */ protected static function get_block_selectors( $block_type, $root_selector ) { if ( ! empty( $block_type->selectors ) ) { return $block_type->selectors; } $selectors = array( 'root' => $root_selector ); foreach ( static::BLOCK_SUPPORT_FEATURE_LEVEL_SELECTORS as $key => $feature ) { $feature_selector = wp_get_block_css_selector( $block_type, $key ); if ( null !== $feature_selector ) { $selectors[ $feature ] = array( 'root' => $feature_selector ); } } return $selectors; } /** * Generates all the element selectors for a block. * * @since 6.3.0 * * @param string $root_selector The block's root CSS selector. * @return array The block's element selectors. */ protected static function get_block_element_selectors( $root_selector ) { /* * Assign defaults, then override those that the block sets by itself. * If the block selector is compounded, will append the element to each * individual block selector. */ $block_selectors = explode( ',', $root_selector ); $element_selectors = array(); foreach ( static::ELEMENTS as $el_name => $el_selector ) { $element_selector = array(); foreach ( $block_selectors as $selector ) { if ( $selector === $el_selector ) { $element_selector = array( $el_selector ); break; } $element_selector[] = static::prepend_to_selector( $el_selector, $selector . ' ' ); } $element_selectors[ $el_name ] = implode( ',', $element_selector ); } return $element_selectors; } /** * Generates style declarations for a node's features e.g., color, border, * typography etc. that have custom selectors in their related block's * metadata. * * @since 6.3.0 * * @param object $metadata The related block metadata containing selectors. * @param object $node A merged theme.json node for block or variation. * @return array The style declarations for the node's features with custom * selectors. */ protected function get_feature_declarations_for_node( $metadata, &$node ) { $declarations = array(); if ( ! isset( $metadata['selectors'] ) ) { return $declarations; } $settings = isset( $this->theme_json['settings'] ) ? $this->theme_json['settings'] : array(); foreach ( $metadata['selectors'] as $feature => $feature_selectors ) { /* * Skip if this is the block's root selector or the block doesn't * have any styles for the feature. */ if ( 'root' === $feature || empty( $node[ $feature ] ) ) { continue; } if ( is_array( $feature_selectors ) ) { foreach ( $feature_selectors as $subfeature => $subfeature_selector ) { if ( 'root' === $subfeature || empty( $node[ $feature ][ $subfeature ] ) ) { continue; } /* * Create temporary node containing only the subfeature data * to leverage existing `compute_style_properties` function. */ $subfeature_node = array( $feature => array( $subfeature => $node[ $feature ][ $subfeature ], ), ); // Generate style declarations. $new_declarations = static::compute_style_properties( $subfeature_node, $settings, null, $this->theme_json ); // Merge subfeature declarations into feature declarations. if ( isset( $declarations[ $subfeature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $subfeature_selector ][] = $new_declaration; } } else { $declarations[ $subfeature_selector ] = $new_declarations; } /* * Remove the subfeature from the block's node now its * styles will be included under its own selector not the * block's. */ unset( $node[ $feature ][ $subfeature ] ); } } /* * Now subfeatures have been processed and removed we can process * feature root selector or simple string selector. */ if ( is_string( $feature_selectors ) || ( isset( $feature_selectors['root'] ) && $feature_selectors['root'] ) ) { $feature_selector = is_string( $feature_selectors ) ? $feature_selectors : $feature_selectors['root']; /* * Create temporary node containing only the feature data * to leverage existing `compute_style_properties` function. */ $feature_node = array( $feature => $node[ $feature ] ); // Generate the style declarations. $new_declarations = static::compute_style_properties( $feature_node, $settings, null, $this->theme_json ); /* * Merge new declarations with any that already exist for * the feature selector. This may occur when multiple block * support features use the same custom selector. */ if ( isset( $declarations[ $feature_selector ] ) ) { foreach ( $new_declarations as $new_declaration ) { $declarations[ $feature_selector ][] = $new_declaration; } } else { $declarations[ $feature_selector ] = $new_declarations; } /* * Remove the feature from the block's node now its styles * will be included under its own selector not the block's. */ unset( $node[ $feature ] ); } } return $declarations; } /** * Replaces CSS variables with their values in place. * * @since 6.3.0 * @since 6.5.0 Check for empty style before processing its value. * * @param array $styles CSS declarations to convert. * @param array $values key => value pairs to use for replacement. * @return array */ private static function convert_variables_to_value( $styles, $values ) { foreach ( $styles as $key => $style ) { if ( empty( $style ) ) { continue; } if ( is_array( $style ) ) { $styles[ $key ] = self::convert_variables_to_value( $style, $values ); continue; } if ( 0 <= strpos( $style, 'var(' ) ) { // find all the variables in the string in the form of var(--variable-name, fallback), with fallback in the second capture group. $has_matches = preg_match_all( '/var\(([^),]+)?,?\s?(\S+)?\)/', $style, $var_parts ); if ( $has_matches ) { $resolved_style = $styles[ $key ]; foreach ( $var_parts[1] as $index => $var_part ) { $key_in_values = 'var(' . $var_part . ')'; $rule_to_replace = $var_parts[0][ $index ]; // the css rule to replace e.g. var(--wp--preset--color--vivid-green-cyan). $fallback = $var_parts[2][ $index ]; // the fallback value. $resolved_style = str_replace( array( $rule_to_replace, $fallback, ), array( isset( $values[ $key_in_values ] ) ? $values[ $key_in_values ] : $rule_to_replace, isset( $values[ $fallback ] ) ? $values[ $fallback ] : $fallback, ), $resolved_style ); } $styles[ $key ] = $resolved_style; } } } return $styles; } /** * Resolves the values of CSS variables in the given styles. * * @since 6.3.0 * * @param WP_Theme_JSON $theme_json The theme json resolver. * @return WP_Theme_JSON The $theme_json with resolved variables. */ public static function resolve_variables( $theme_json ) { $settings = $theme_json->get_settings(); $styles = $theme_json->get_raw_data()['styles']; $preset_vars = static::compute_preset_vars( $settings, static::VALID_ORIGINS ); $theme_vars = static::compute_theme_vars( $settings ); $vars = array_reduce( array_merge( $preset_vars, $theme_vars ), function ( $carry, $item ) { $name = $item['name']; $carry[ "var({$name})" ] = $item['value']; return $carry; }, array() ); $theme_json->theme_json['styles'] = self::convert_variables_to_value( $styles, $vars ); return $theme_json; } /** * Generates a selector for a block style variation. * * @since 6.5.0 * * @param string $variation_name Name of the block style variation. * @param string $block_selector CSS selector for the block. * @return string Block selector with block style variation selector added to it. */ protected static function get_block_style_variation_selector( $variation_name, $block_selector ) { $variation_class = ".is-style-$variation_name"; if ( ! $block_selector ) { return $variation_class; } $limit = 1; $selector_parts = explode( ',', $block_selector ); $result = array(); foreach ( $selector_parts as $part ) { $result[] = preg_replace_callback( '/((?::\([^)]+\))?\s*)([^\s:]+)/', function ( $matches ) use ( $variation_class ) { return $matches[1] . $matches[2] . $variation_class; }, $part, $limit ); } return implode( ',', $result ); } /** * Collects valid block style variations keyed by block type. * * @since 6.6.0 * @since 6.8.0 Added the `$blocks_metadata` parameter. * * @param array $blocks_metadata Optional. List of metadata per block. Default is the metadata for all blocks. * @return array Valid block style variations by block type. */ protected static function get_valid_block_style_variations( $blocks_metadata = array() ) { $valid_variations = array(); $blocks_metadata = empty( $blocks_metadata ) ? static::get_blocks_metadata() : $blocks_metadata; foreach ( $blocks_metadata as $block_name => $block_meta ) { if ( ! isset( $block_meta['styleVariations'] ) ) { continue; } $valid_variations[ $block_name ] = array_keys( $block_meta['styleVariations'] ); } return $valid_variations; } } HTTP/Parser-20260605053343.php 0000666 00000035551 15226703613 0010676 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Response Parser * @template Psr7Compatible of bool */ class Parser { /** * HTTP Version * * @var float */ public $http_version = 0.0; /** * Status code * * @var int */ public $status_code = 0; /** * Reason phrase * * @var string */ public $reason = ''; /** * @var Psr7Compatible whether headers are compatible with PSR-7 format. */ private $psr7Compatible; /** * Key/value pairs of the headers * * @var (Psr7Compatible is true ? array<string, non-empty-array<string>> : array<string, string>) */ public $headers = []; /** * Body of the response * * @var string */ public $body = ''; private const STATE_HTTP_VERSION = 'http_version'; private const STATE_STATUS = 'status'; private const STATE_REASON = 'reason'; private const STATE_NEW_LINE = 'new_line'; private const STATE_BODY = 'body'; private const STATE_NAME = 'name'; private const STATE_VALUE = 'value'; private const STATE_VALUE_CHAR = 'value_char'; private const STATE_QUOTE = 'quote'; private const STATE_QUOTE_ESCAPED = 'quote_escaped'; private const STATE_QUOTE_CHAR = 'quote_char'; private const STATE_CHUNKED = 'chunked'; private const STATE_EMIT = 'emit'; private const STATE_ERROR = false; /** * Current state of the state machine * * @var self::STATE_* */ protected $state = self::STATE_HTTP_VERSION; /** * Input data * * @var string */ protected $data = ''; /** * Input data length (to avoid calling strlen() everytime this is needed) * * @var int */ protected $data_length = 0; /** * Current position of the pointer * * @var int */ protected $position = 0; /** * Name of the header currently being parsed * * @var string */ protected $name = ''; /** * Value of the header currently being parsed * * @var string */ protected $value = ''; /** * Create an instance of the class with the input data * * @param string $data Input data * @param Psr7Compatible $psr7Compatible Whether the data types are in format compatible with PSR-7. */ public function __construct(string $data, bool $psr7Compatible = false) { $this->data = $data; $this->data_length = strlen($this->data); $this->psr7Compatible = $psr7Compatible; } /** * Parse the input data * * @return bool true on success, false on failure */ public function parse() { while ($this->state && $this->state !== self::STATE_EMIT && $this->has_data()) { $state = $this->state; $this->$state(); } $this->data = ''; if ($this->state === self::STATE_EMIT || $this->state === self::STATE_BODY) { return true; } // Reset the parser state. $this->http_version = 0.0; $this->status_code = 0; $this->reason = ''; $this->headers = []; $this->body = ''; return false; } /** * Check whether there is data beyond the pointer * * @return bool true if there is further data, false if not */ protected function has_data() { return (bool) ($this->position < $this->data_length); } /** * See if the next character is LWS * * @return bool true if the next character is LWS, false if not */ protected function is_linear_whitespace() { return (bool) ($this->data[$this->position] === "\x09" || $this->data[$this->position] === "\x20" || ($this->data[$this->position] === "\x0A" && isset($this->data[$this->position + 1]) && ($this->data[$this->position + 1] === "\x09" || $this->data[$this->position + 1] === "\x20"))); } /** * Parse the HTTP version * @return void */ protected function http_version() { if (strpos($this->data, "\x0A") !== false && strtoupper(substr($this->data, 0, 5)) === 'HTTP/') { $len = strspn($this->data, '0123456789.', 5); $http_version = substr($this->data, 5, $len); $this->position += 5 + $len; if (substr_count($http_version, '.') <= 1) { $this->http_version = (float) $http_version; $this->position += strspn($this->data, "\x09\x20", $this->position); $this->state = self::STATE_STATUS; } else { $this->state = self::STATE_ERROR; } } else { $this->state = self::STATE_ERROR; } } /** * Parse the status code * @return void */ protected function status() { if ($len = strspn($this->data, '0123456789', $this->position)) { $this->status_code = (int) substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_REASON; } else { $this->state = self::STATE_ERROR; } } /** * Parse the reason phrase * @return void */ protected function reason() { $len = strcspn($this->data, "\x0A", $this->position); $this->reason = trim(substr($this->data, $this->position, $len), "\x09\x0D\x20"); $this->position += $len + 1; $this->state = self::STATE_NEW_LINE; } private function add_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name][] = $value; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] .= ', ' . $value; } } private function replace_header(string $name, string $value): void { if ($this->psr7Compatible) { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, non-empty-array<string>> */ $headers = &$this->headers; $headers[$name] = [$value]; } else { // For PHPStan: should be enforced by template parameter but PHPStan is not smart enough. /** @var array<string, string>) */ $headers = &$this->headers; $headers[$name] = $value; } } /** * Deal with a new line, shifting data around as needed * @return void */ protected function new_line() { $this->value = trim($this->value, "\x0D\x20"); if ($this->name !== '' && $this->value !== '') { $this->name = strtolower($this->name); // We should only use the last Content-Type header. c.f. issue #1 if (isset($this->headers[$this->name]) && $this->name !== 'content-type') { $this->add_header($this->name, $this->value); } else { $this->replace_header($this->name, $this->value); } } $this->name = ''; $this->value = ''; if (substr($this->data[$this->position], 0, 2) === "\x0D\x0A") { $this->position += 2; $this->state = self::STATE_BODY; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; $this->state = self::STATE_BODY; } else { $this->state = self::STATE_NAME; } } /** * Parse a header name * @return void */ protected function name() { $len = strcspn($this->data, "\x0A:", $this->position); if (isset($this->data[$this->position + $len])) { if ($this->data[$this->position + $len] === "\x0A") { $this->position += $len; $this->state = self::STATE_NEW_LINE; } else { $this->name = substr($this->data, $this->position, $len); $this->position += $len + 1; $this->state = self::STATE_VALUE; } } else { $this->state = self::STATE_ERROR; } } /** * Parse LWS, replacing consecutive LWS characters with a single space * @return void */ protected function linear_whitespace() { do { if (substr($this->data, $this->position, 2) === "\x0D\x0A") { $this->position += 2; } elseif ($this->data[$this->position] === "\x0A") { $this->position++; } $this->position += strspn($this->data, "\x09\x20", $this->position); } while ($this->has_data() && $this->is_linear_whitespace()); $this->value .= "\x20"; } /** * See what state to move to while within non-quoted header values * @return void */ protected function value() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': // Workaround for ETags: we have to include the quotes as // part of the tag. if (strtolower($this->name) === 'etag') { $this->value .= '"'; $this->position++; $this->state = self::STATE_VALUE_CHAR; break; } $this->position++; $this->state = self::STATE_QUOTE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; default: $this->state = self::STATE_VALUE_CHAR; break; } } } /** * Parse a header value while outside quotes * @return void */ protected function value_char() { $len = strcspn($this->data, "\x09\x20\x0A\"", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * See what state to move to while within quoted header values * @return void */ protected function quote() { if ($this->is_linear_whitespace()) { $this->linear_whitespace(); } else { switch ($this->data[$this->position]) { case '"': $this->position++; $this->state = self::STATE_VALUE; break; case "\x0A": $this->position++; $this->state = self::STATE_NEW_LINE; break; case '\\': $this->position++; $this->state = self::STATE_QUOTE_ESCAPED; break; default: $this->state = self::STATE_QUOTE_CHAR; break; } } } /** * Parse a header value while within quotes * @return void */ protected function quote_char() { $len = strcspn($this->data, "\x09\x20\x0A\"\\", $this->position); $this->value .= substr($this->data, $this->position, $len); $this->position += $len; $this->state = self::STATE_VALUE; } /** * Parse an escaped character within quotes * @return void */ protected function quote_escaped() { $this->value .= $this->data[$this->position]; $this->position++; $this->state = self::STATE_QUOTE; } /** * Parse the body * @return void */ protected function body() { $this->body = substr($this->data, $this->position); if (!empty($this->headers['transfer-encoding'])) { unset($this->headers['transfer-encoding']); $this->state = self::STATE_CHUNKED; } else { $this->state = self::STATE_EMIT; } } /** * Parsed a "Transfer-Encoding: chunked" body * @return void */ protected function chunked() { if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($this->body))) { $this->state = self::STATE_EMIT; return; } $decoded = ''; $encoded = $this->body; while (true) { $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); if (!$is_chunked) { // Looks like it's not chunked after all $this->state = self::STATE_EMIT; return; } $length = hexdec(trim($matches[1])); // For PHPStan: this will only be float when larger than PHP_INT_MAX. // But even on 32-bit systems, it would mean 2GiB chunk, which sounds unlikely. \assert(\is_int($length), "Length needs to be shorter than PHP_INT_MAX"); if ($length === 0) { // Ignore trailer headers $this->state = self::STATE_EMIT; $this->body = $decoded; return; } $chunk_length = strlen($matches[0]); $decoded .= substr($encoded, $chunk_length, $length); $encoded = substr($encoded, $chunk_length + $length + 2); // BC for PHP < 8.0: substr() can return bool instead of string $encoded = ($encoded === false) ? '' : $encoded; if (trim($encoded) === '0' || empty($encoded)) { $this->state = self::STATE_EMIT; $this->body = $decoded; return; } } } /** * Prepare headers (take care of proxies headers) * * @param string $headers Raw headers * @param non-negative-int $count Redirection count. Default to 1. * * @return string */ public static function prepareHeaders(string $headers, int $count = 1) { $data = explode("\r\n\r\n", $headers, $count); $data = array_pop($data); if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n")) { $exploded = explode("\r\n\r\n", $data, 2); $data = end($exploded); } return $data; } } class_alias('SimplePie\HTTP\Parser', 'SimplePie_HTTP_Parser'); HTTP/https-migration-20260606032426.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605225728.php 0000666 00000011205 15226703613 0012571 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606072415-20260608022156.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074155-20260608125006.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605070331-20260607092001.php 0000666 00000011205 15226703613 0014135 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605174541.php 0000666 00000013341 15226703613 0012555 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605090852-20260608022904.php 0000666 00000011205 15226703613 0014155 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605124943.php 0000666 00000011205 15226703613 0012566 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Exception-20260605063633.php 0000666 00000000543 15226703613 0011374 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use Exception as NativeException; /** * General SimplePie exception class */ class Exception extends NativeException { } class_alias('SimplePie\Exception', 'SimplePie_Exception'); HTTP/https-migration-20260608120112-20260610075539.php 0000666 00000011205 15226703613 0014144 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605133534-20260606164316.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-dependency.php 0000666 00000005111 15226703613 0011710 0 ustar 00 <?php /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ #[AllowDynamicProperties] class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var string */ public $handle; /** * The handle source. * * If source is set to false, the item is an alias of other items it depends on. * * @since 2.6.0 * @var string|false */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var string[] */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var string|false|null */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var mixed */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param mixed ...$args Dependency information. */ public function __construct( ...$args ) { list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = $args; if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = '' ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } HTTP/class-wp-http-encoding-20260605093802.php 0000666 00000015041 15226703613 0013730 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/https-detection-20260605101004-20260610044952.php 0000666 00000013341 15226703613 0014123 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605100953-20260610213351.php 0000666 00000011205 15226703613 0014136 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605163309-20260606113048.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606010046-20260608221746.php 0000666 00000011205 15226703613 0014146 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605140004-20260607105925.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606030951-20260608072242.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606042005.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605101413.php 0000666 00000011205 15226703613 0012551 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260607100220-20260609025108.php 0000666 00000013341 15226703613 0014124 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606015806-20260608061356.php 0000666 00000011205 15226703613 0014156 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605211440.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605125235.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605070321.php 0000666 00000013341 15226703613 0012544 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606030927-20260610063059.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606154003.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605081235.php 0000666 00000011205 15226703613 0012562 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606105007-20260608092005.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606074445-20260608131023.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605171920-20260608042857.php 0000666 00000013341 15226703613 0014152 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Client.php 0000666 00000001137 15226703613 0007265 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/https-detection-20260606054002-20260607125725.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606052856-20260609034756.php 0000666 00000011205 15226703613 0014171 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605211544-20260609111947.php 0000666 00000013341 15226703613 0014145 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-oembed-controller.php 0000666 00000015371 15226703613 0013217 0 ustar 00 <?php /** * WP_oEmbed_Controller class, used to provide an oEmbed endpoint. * * @package WordPress * @subpackage Embeds * @since 4.4.0 */ /** * oEmbed API endpoint controller. * * Registers the REST API route and delivers the response data. * The output format (XML or JSON) is handled by the REST API. * * @since 4.4.0 */ #[AllowDynamicProperties] final class WP_oEmbed_Controller { /** * Register the oEmbed REST API route. * * @since 4.4.0 */ public function register_routes() { /** * Filters the maxwidth oEmbed parameter. * * @since 4.4.0 * * @param int $maxwidth Maximum allowed width. Default 600. */ $maxwidth = apply_filters( 'oembed_default_width', 600 ); register_rest_route( 'oembed/1.0', '/embed', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => '__return_true', 'args' => array( 'url' => array( 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), 'required' => true, 'type' => 'string', 'format' => 'uri', ), 'format' => array( 'default' => 'json', 'sanitize_callback' => 'wp_oembed_ensure_format', ), 'maxwidth' => array( 'default' => $maxwidth, 'sanitize_callback' => 'absint', ), ), ), ) ); register_rest_route( 'oembed/1.0', '/proxy', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_proxy_item' ), 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ), 'args' => array( 'url' => array( 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), 'required' => true, 'type' => 'string', 'format' => 'uri', ), 'format' => array( 'description' => __( 'The oEmbed format to use.' ), 'type' => 'string', 'default' => 'json', 'enum' => array( 'json', 'xml', ), ), 'maxwidth' => array( 'description' => __( 'The maximum width of the embed frame in pixels.' ), 'type' => 'integer', 'default' => $maxwidth, 'sanitize_callback' => 'absint', ), 'maxheight' => array( 'description' => __( 'The maximum height of the embed frame in pixels.' ), 'type' => 'integer', 'sanitize_callback' => 'absint', ), 'discover' => array( 'description' => __( 'Whether to perform an oEmbed discovery request for unsanctioned providers.' ), 'type' => 'boolean', 'default' => true, ), ), ), ) ); } /** * Callback for the embed API endpoint. * * Returns the JSON object for the post. * * @since 4.4.0 * * @param WP_REST_Request $request Full data about the request. * @return array|WP_Error oEmbed response data or WP_Error on failure. */ public function get_item( $request ) { $post_id = url_to_postid( $request['url'] ); /** * Filters the determined post ID. * * @since 4.4.0 * * @param int $post_id The post ID. * @param string $url The requested URL. */ $post_id = apply_filters( 'oembed_request_post_id', $post_id, $request['url'] ); $data = get_oembed_response_data( $post_id, $request['maxwidth'] ); if ( ! $data ) { return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); } return $data; } /** * Checks if current user can make a proxy oEmbed request. * * @since 4.8.0 * * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_proxy_item_permissions_check() { if ( ! current_user_can( 'edit_posts' ) ) { return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Callback for the proxy API endpoint. * * Returns the JSON object for the proxied item. * * @since 4.8.0 * * @see WP_oEmbed::get_html() * @global WP_Embed $wp_embed WordPress Embed object. * @global WP_Scripts $wp_scripts * * @param WP_REST_Request $request Full data about the request. * @return object|WP_Error oEmbed response data or WP_Error on failure. */ public function get_proxy_item( $request ) { global $wp_embed, $wp_scripts; $args = $request->get_params(); // Serve oEmbed data from cache if set. unset( $args['_wpnonce'] ); $cache_key = 'oembed_' . md5( serialize( $args ) ); $data = get_transient( $cache_key ); if ( ! empty( $data ) ) { return $data; } $url = $request['url']; unset( $args['url'] ); // Copy maxwidth/maxheight to width/height since WP_oEmbed::fetch() uses these arg names. if ( isset( $args['maxwidth'] ) ) { $args['width'] = $args['maxwidth']; } if ( isset( $args['maxheight'] ) ) { $args['height'] = $args['maxheight']; } // Short-circuit process for URLs belonging to the current site. $data = get_oembed_response_data_for_url( $url, $args ); if ( $data ) { return $data; } $data = _wp_oembed_get_object()->get_data( $url, $args ); if ( false === $data ) { // Try using a classic embed, instead. /* @var WP_Embed $wp_embed */ $html = $wp_embed->get_embed_handler_html( $args, $url ); if ( $html ) { // Check if any scripts were enqueued by the shortcode, and include them in the response. $enqueued_scripts = array(); foreach ( $wp_scripts->queue as $script ) { $enqueued_scripts[] = $wp_scripts->registered[ $script ]->src; } return (object) array( 'provider_name' => __( 'Embed Handler' ), 'html' => $html, 'scripts' => $enqueued_scripts, ); } return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); } /** This filter is documented in wp-includes/class-wp-oembed.php */ $data->html = apply_filters( 'oembed_result', _wp_oembed_get_object()->data2html( (object) $data, $url ), $url, $args ); /** * Filters the oEmbed TTL value (time to live). * * Similar to the {@see 'oembed_ttl'} filter, but for the REST API * oEmbed proxy endpoint. * * @since 4.8.0 * * @param int $time Time to live (in seconds). * @param string $url The attempted embed URL. * @param array $args An array of embed request arguments. */ $ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args ); set_transient( $cache_key, $data, $ttl ); return $data; } } HTTP/Client-20260605064003.php 0000666 00000001137 15226703613 0010644 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/https-detection-20260605101004.php 0000666 00000013341 15226703613 0012535 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605070331-20260610152823.php 0000666 00000013341 15226703613 0014130 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-editor-20260605071339.php 0000666 00000215217 15226703613 0012463 0 ustar 00 <?php /** * Facilitates adding of the WordPress editor as used on the Write and Edit screens. * * @package WordPress * @since 3.3.0 * * Private, not included by default. See wp_editor() in wp-includes/general-template.php. */ #[AllowDynamicProperties] final class _WP_Editors { public static $mce_locale; private static $mce_settings = array(); private static $qt_settings = array(); private static $plugins = array(); private static $qt_buttons = array(); private static $ext_plugins; private static $baseurl; private static $first_init; private static $this_tinymce = false; private static $this_quicktags = false; private static $has_tinymce = false; private static $has_quicktags = false; private static $has_medialib = false; private static $editor_buttons_css = true; private static $drag_drop_upload = false; private static $translation; private static $tinymce_scripts_printed = false; private static $link_dialog_printed = false; private function __construct() {} /** * Parse default arguments for the editor instance. * * @since 3.3.0 * * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings { * Array of editor arguments. * * @type bool $wpautop Whether to use wpautop(). Default true. * @type bool $media_buttons Whether to show the Add Media/other media buttons. * @type string $default_editor When both TinyMCE and Quicktags are used, set which * editor is shown on page load. Default empty. * @type bool $drag_drop_upload Whether to enable drag & drop on the editor uploading. Default false. * Requires the media modal. * @type string $textarea_name Give the textarea a unique name here. Square brackets * can be used here. Default $editor_id. * @type int $textarea_rows Number rows in the editor textarea. Default 20. * @type string|int $tabindex Tabindex value to use. Default empty. * @type string $tabfocus_elements The previous and next element ID to move the focus to * when pressing the Tab key in TinyMCE. Default ':prev,:next'. * @type string $editor_css Intended for extra styles for both Visual and Code editors. * Should include `<style>` tags, and can use "scoped". Default empty. * @type string $editor_class Extra classes to add to the editor textarea element. Default empty. * @type bool $teeny Whether to output the minimal editor config. Examples include * Press This and the Comment editor. Default false. * @type bool $dfw Deprecated in 4.1. Unused. * @type bool|array $tinymce Whether to load TinyMCE. Can be used to pass settings directly to * TinyMCE using an array. Default true. * @type bool|array $quicktags Whether to load Quicktags. Can be used to pass settings directly to * Quicktags using an array. Default true. * } * @return array Parsed arguments array. */ public static function parse_settings( $editor_id, $settings ) { /** * Filters the wp_editor() settings. * * @since 4.0.0 * * @see _WP_Editors::parse_settings() * * @param array $settings Array of editor arguments. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $settings = apply_filters( 'wp_editor_settings', $settings, $editor_id ); $set = wp_parse_args( $settings, array( // Disable autop if the current post has blocks in it. 'wpautop' => ! has_blocks(), 'media_buttons' => true, 'default_editor' => '', 'drag_drop_upload' => false, 'textarea_name' => $editor_id, 'textarea_rows' => 20, 'tabindex' => '', 'tabfocus_elements' => ':prev,:next', 'editor_css' => '', 'editor_class' => '', 'teeny' => false, '_content_editor_dfw' => false, 'tinymce' => true, 'quicktags' => true, ) ); self::$this_tinymce = ( $set['tinymce'] && user_can_richedit() ); if ( self::$this_tinymce ) { if ( str_contains( $editor_id, '[' ) ) { self::$this_tinymce = false; _deprecated_argument( 'wp_editor()', '3.9.0', 'TinyMCE editor IDs cannot have brackets.' ); } } self::$this_quicktags = (bool) $set['quicktags']; if ( self::$this_tinymce ) { self::$has_tinymce = true; } if ( self::$this_quicktags ) { self::$has_quicktags = true; } if ( empty( $set['editor_height'] ) ) { return $set; } if ( 'content' === $editor_id && empty( $set['tinymce']['wp_autoresize_on'] ) ) { // A cookie (set when a user resizes the editor) overrides the height. $cookie = (int) get_user_setting( 'ed_size' ); if ( $cookie ) { $set['editor_height'] = $cookie; } } if ( $set['editor_height'] < 50 ) { $set['editor_height'] = 50; } elseif ( $set['editor_height'] > 5000 ) { $set['editor_height'] = 5000; } return $set; } /** * Outputs the HTML for a single instance of the editor. * * @since 3.3.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @param string $content Initial content for the editor. * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings See _WP_Editors::parse_settings() for description. */ public static function editor( $content, $editor_id, $settings = array() ) { $set = self::parse_settings( $editor_id, $settings ); $editor_class = ' class="' . trim( esc_attr( $set['editor_class'] ) . ' wp-editor-area' ) . '"'; $tabindex = $set['tabindex'] ? ' tabindex="' . (int) $set['tabindex'] . '"' : ''; $default_editor = 'html'; $buttons = ''; $autocomplete = ''; $editor_id_attr = esc_attr( $editor_id ); if ( $set['drag_drop_upload'] ) { self::$drag_drop_upload = true; } if ( ! empty( $set['editor_height'] ) ) { $height = ' style="height: ' . (int) $set['editor_height'] . 'px"'; } else { $height = ' rows="' . (int) $set['textarea_rows'] . '"'; } if ( ! current_user_can( 'upload_files' ) ) { $set['media_buttons'] = false; } if ( self::$this_tinymce ) { $autocomplete = ' autocomplete="off"'; if ( self::$this_quicktags ) { $default_editor = $set['default_editor'] ? $set['default_editor'] : wp_default_editor(); // 'html' is used for the "Code" editor tab. if ( 'html' !== $default_editor ) { $default_editor = 'tinymce'; } $tmce_active = ( 'html' === $default_editor ) ? ' aria-pressed="true"' : ''; $html_active = ( 'html' === $default_editor ) ? '' : ' aria-pressed="true"'; $buttons .= '<button type="button" id="' . $editor_id_attr . '-tmce"' . $html_active . ' class="wp-switch-editor switch-tmce"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Visual', 'Name for the Visual editor tab' ) . "</button>\n"; $buttons .= '<button type="button" id="' . $editor_id_attr . '-html"' . $tmce_active . ' class="wp-switch-editor switch-html"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Code', 'Name for the Code editor tab (formerly Text)' ) . "</button>\n"; } else { $default_editor = 'tinymce'; } } $switch_class = 'html' === $default_editor ? 'html-active' : 'tmce-active'; $wrap_class = 'wp-core-ui wp-editor-wrap ' . $switch_class; if ( $set['_content_editor_dfw'] ) { $wrap_class .= ' has-dfw'; } echo '<div id="wp-' . $editor_id_attr . '-wrap" class="' . $wrap_class . '">'; if ( self::$editor_buttons_css ) { wp_print_styles( 'editor-buttons' ); self::$editor_buttons_css = false; } if ( ! empty( $set['editor_css'] ) ) { echo $set['editor_css'] . "\n"; } if ( ! empty( $buttons ) || $set['media_buttons'] ) { echo '<div id="wp-' . $editor_id_attr . '-editor-tools" class="wp-editor-tools hide-if-no-js">'; if ( $set['media_buttons'] ) { self::$has_medialib = true; if ( ! function_exists( 'media_buttons' ) ) { require ABSPATH . 'wp-admin/includes/media.php'; } echo '<div id="wp-' . $editor_id_attr . '-media-buttons" class="wp-media-buttons">'; /** * Fires after the default media button(s) are displayed. * * @since 2.5.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. */ do_action( 'media_buttons', $editor_id ); echo "</div>\n"; } echo '<div class="wp-editor-tabs">' . $buttons . "</div>\n"; echo "</div>\n"; } $quicktags_toolbar = ''; if ( self::$this_quicktags ) { if ( 'content' === $editor_id && ! empty( $GLOBALS['current_screen'] ) && 'post' === $GLOBALS['current_screen']->base ) { $toolbar_id = 'ed_toolbar'; } else { $toolbar_id = 'qt_' . $editor_id_attr . '_toolbar'; } $quicktags_toolbar = '<div id="' . $toolbar_id . '" class="quicktags-toolbar hide-if-no-js"></div>'; } /** * Filters the HTML markup output that displays the editor. * * @since 2.1.0 * * @param string $output Editor's HTML markup. */ $the_editor = apply_filters( 'the_editor', '<div id="wp-' . $editor_id_attr . '-editor-container" class="wp-editor-container">' . $quicktags_toolbar . '<textarea' . $editor_class . $height . $tabindex . $autocomplete . ' cols="40" name="' . esc_attr( $set['textarea_name'] ) . '" ' . 'id="' . $editor_id_attr . '">%s</textarea></div>' ); // Prepare the content for the Visual or Code editor, only when TinyMCE is used (back-compat). if ( self::$this_tinymce ) { add_filter( 'the_editor_content', 'format_for_editor', 10, 2 ); } /** * Filters the default editor content. * * @since 2.1.0 * * @param string $content Default editor content. * @param string $default_editor The default editor for the current user. * Either 'html' or 'tinymce'. */ $content = apply_filters( 'the_editor_content', $content, $default_editor ); // Remove the filter as the next editor on the same page may not need it. if ( self::$this_tinymce ) { remove_filter( 'the_editor_content', 'format_for_editor' ); } // Back-compat for the `htmledit_pre` and `richedit_pre` filters. if ( 'html' === $default_editor && has_filter( 'htmledit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'htmledit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } elseif ( 'tinymce' === $default_editor && has_filter( 'richedit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'richedit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } if ( false !== stripos( $content, 'textarea' ) ) { $content = preg_replace( '%</textarea%i', '</textarea', $content ); } printf( $the_editor, $content ); echo "\n</div>\n\n"; self::editor_settings( $editor_id, $set ); } /** * @since 3.3.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. * @param array $set Array of editor arguments. */ public static function editor_settings( $editor_id, $set ) { if ( empty( self::$first_init ) ) { if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } } if ( self::$this_quicktags ) { $qt_init = array( 'id' => $editor_id, 'buttons' => '', ); if ( is_array( $set['quicktags'] ) ) { $qt_init = array_merge( $qt_init, $set['quicktags'] ); } if ( empty( $qt_init['buttons'] ) ) { $qt_init['buttons'] = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close'; } if ( $set['_content_editor_dfw'] ) { $qt_init['buttons'] .= ',dfw'; } /** * Filters the Quicktags settings. * * @since 3.3.0 * * @param array $qt_init Quicktags settings. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $qt_init = apply_filters( 'quicktags_settings', $qt_init, $editor_id ); self::$qt_settings[ $editor_id ] = $qt_init; self::$qt_buttons = array_merge( self::$qt_buttons, explode( ',', $qt_init['buttons'] ) ); } if ( self::$this_tinymce ) { if ( empty( self::$first_init ) ) { $baseurl = self::get_baseurl(); $mce_locale = self::get_mce_locale(); $ext_plugins = ''; if ( $set['teeny'] ) { /** * Filters the list of teenyMCE plugins. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of teenyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $plugins = apply_filters( 'teeny_mce_plugins', array( 'colorpicker', 'lists', 'fullscreen', 'image', 'wordpress', 'wpeditimage', 'wplink', ), $editor_id ); } else { /** * Filters the list of TinyMCE external plugins. * * The filter takes an associative array of external plugins for * TinyMCE in the form 'plugin_name' => 'url'. * * The url should be absolute, and should include the js filename * to be loaded. For example: * 'myplugin' => 'http://mysite.com/wp-content/plugins/myfolder/mce_plugin.js'. * * If the external plugin adds a button, it should be added with * one of the 'mce_buttons' filters. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $external_plugins An array of external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_external_plugins = apply_filters( 'mce_external_plugins', array(), $editor_id ); $plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); if ( ! self::$has_medialib ) { $plugins[] = 'image'; } /** * Filters the list of default TinyMCE plugins. * * The filter specifies which of the default plugins included * in WordPress should be added to the TinyMCE instance. * * @since 3.3.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of default TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $plugins = array_unique( apply_filters( 'tiny_mce_plugins', $plugins, $editor_id ) ); $key = array_search( 'spellchecker', $plugins, true ); if ( false !== $key ) { /* * Remove 'spellchecker' from the internal plugins if added with 'tiny_mce_plugins' filter to prevent errors. * It can be added with 'mce_external_plugins'. */ unset( $plugins[ $key ] ); } if ( ! empty( $mce_external_plugins ) ) { /** * Filters the translations loaded for external TinyMCE 3.x plugins. * * The filter takes an associative array ('plugin_name' => 'path') * where 'path' is the include path to the file. * * The language file should follow the same format as wp_mce_translation(), * and should define a variable ($strings) that holds all translated strings. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $translations Translations for external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_external_languages = apply_filters( 'mce_external_languages', array(), $editor_id ); $loaded_langs = array(); $strings = ''; if ( ! empty( $mce_external_languages ) ) { foreach ( $mce_external_languages as $name => $path ) { if ( @is_file( $path ) && @is_readable( $path ) ) { include_once $path; $ext_plugins .= $strings . "\n"; $loaded_langs[] = $name; } } } foreach ( $mce_external_plugins as $name => $url ) { if ( in_array( $name, $plugins, true ) ) { unset( $mce_external_plugins[ $name ] ); continue; } $url = set_url_scheme( $url ); $mce_external_plugins[ $name ] = $url; $plugurl = dirname( $url ); $strings = ''; // Try to load langs/[locale].js and langs/[locale]_dlg.js. if ( ! in_array( $name, $loaded_langs, true ) ) { $path = str_replace( content_url(), '', $plugurl ); $path = realpath( WP_CONTENT_DIR . $path . '/langs/' ); if ( ! $path ) { continue; } $path = trailingslashit( $path ); if ( @is_file( $path . $mce_locale . '.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '.js' ) . "\n"; } if ( @is_file( $path . $mce_locale . '_dlg.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '_dlg.js' ) . "\n"; } if ( 'en' !== $mce_locale && empty( $strings ) ) { if ( @is_file( $path . 'en.js' ) ) { $str1 = @file_get_contents( $path . 'en.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n"; } if ( @is_file( $path . 'en_dlg.js' ) ) { $str2 = @file_get_contents( $path . 'en_dlg.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n"; } } if ( ! empty( $strings ) ) { $ext_plugins .= "\n" . $strings . "\n"; } } $ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n"; } } } self::$plugins = $plugins; self::$ext_plugins = $ext_plugins; $settings = self::default_settings(); $settings['plugins'] = implode( ',', $plugins ); if ( ! empty( $mce_external_plugins ) ) { $settings['external_plugins'] = wp_json_encode( $mce_external_plugins ); } /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $settings['wpeditimage_disable_captions'] = true; } $mce_css = $settings['content_css']; /* * The `editor-style.css` added by the theme is generally intended for the editor instance on the Edit Post screen. * Plugins that use wp_editor() on the front-end can decide whether to add the theme stylesheet * by using `get_editor_stylesheets()` and the `mce_css` or `tiny_mce_before_init` filters, see below. */ if ( is_admin() ) { $editor_styles = get_editor_stylesheets(); if ( ! empty( $editor_styles ) ) { // Force urlencoding of commas. foreach ( $editor_styles as $key => $url ) { if ( str_contains( $url, ',' ) ) { $editor_styles[ $key ] = str_replace( ',', '%2C', $url ); } } $mce_css .= ',' . implode( ',', $editor_styles ); } } /** * Filters the comma-delimited list of stylesheets to load in TinyMCE. * * @since 2.1.0 * * @param string $stylesheets Comma-delimited list of stylesheets. */ $mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' ); if ( ! empty( $mce_css ) ) { $settings['content_css'] = $mce_css; } else { unset( $settings['content_css'] ); } self::$first_init = $settings; } if ( $set['teeny'] ) { $mce_buttons = array( 'bold', 'italic', 'underline', 'blockquote', 'strikethrough', 'bullist', 'numlist', 'alignleft', 'aligncenter', 'alignright', 'undo', 'redo', 'link', 'fullscreen', ); /** * Filters the list of teenyMCE buttons (Code tab). * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons An array of teenyMCE buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_buttons = apply_filters( 'teeny_mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array(); $mce_buttons_3 = array(); $mce_buttons_4 = array(); } else { $mce_buttons = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'wp_more', 'spellchecker', ); if ( ! wp_is_mobile() ) { if ( $set['_content_editor_dfw'] ) { $mce_buttons[] = 'wp_adv'; $mce_buttons[] = 'dfw'; } else { $mce_buttons[] = 'fullscreen'; $mce_buttons[] = 'wp_adv'; } } else { $mce_buttons[] = 'wp_adv'; } /** * Filters the first-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons First-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons = apply_filters( 'mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', ); if ( ! wp_is_mobile() ) { $mce_buttons_2[] = 'wp_help'; } /** * Filters the second-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_2 Second-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_2 = apply_filters( 'mce_buttons_2', $mce_buttons_2, $editor_id ); /** * Filters the third-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_3 Third-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_3 = apply_filters( 'mce_buttons_3', array(), $editor_id ); /** * Filters the fourth-row list of TinyMCE buttons (Visual tab). * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_4 Fourth-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_4 = apply_filters( 'mce_buttons_4', array(), $editor_id ); } $body_class = $editor_id; $post = get_post(); if ( $post ) { $body_class .= ' post-type-' . sanitize_html_class( $post->post_type ) . ' post-status-' . sanitize_html_class( $post->post_status ); if ( post_type_supports( $post->post_type, 'post-formats' ) ) { $post_format = get_post_format( $post ); if ( $post_format && ! is_wp_error( $post_format ) ) { $body_class .= ' post-format-' . sanitize_html_class( $post_format ); } else { $body_class .= ' post-format-standard'; } } $page_template = get_page_template_slug( $post ); if ( false !== $page_template ) { $page_template = empty( $page_template ) ? 'default' : str_replace( '.', '-', basename( $page_template, '.php' ) ); $body_class .= ' page-template-' . sanitize_html_class( $page_template ); } } $body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); if ( ! empty( $set['tinymce']['body_class'] ) ) { $body_class .= ' ' . $set['tinymce']['body_class']; unset( $set['tinymce']['body_class'] ); } $mce_init = array( 'selector' => "#$editor_id", 'wpautop' => (bool) $set['wpautop'], 'indent' => ! $set['wpautop'], 'toolbar1' => implode( ',', $mce_buttons ), 'toolbar2' => implode( ',', $mce_buttons_2 ), 'toolbar3' => implode( ',', $mce_buttons_3 ), 'toolbar4' => implode( ',', $mce_buttons_4 ), 'tabfocus_elements' => $set['tabfocus_elements'], 'body_class' => $body_class, ); // Merge with the first part of the init array. $mce_init = array_merge( self::$first_init, $mce_init ); if ( is_array( $set['tinymce'] ) ) { $mce_init = array_merge( $mce_init, $set['tinymce'] ); } /* * For people who really REALLY know what they're doing with TinyMCE * You can modify $mceInit to add, remove, change elements of the config * before tinyMCE.init. Setting "valid_elements", "invalid_elements" * and "extended_valid_elements" can be done through this filter. Best * is to use the default cleanup by not specifying valid_elements, * as TinyMCE checks against the full set of HTML 5.0 elements and attributes. */ if ( $set['teeny'] ) { /** * Filters the teenyMCE config before init. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with teenyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_init = apply_filters( 'teeny_mce_before_init', $mce_init, $editor_id ); } else { /** * Filters the TinyMCE config before init. * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with TinyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_init = apply_filters( 'tiny_mce_before_init', $mce_init, $editor_id ); } if ( empty( $mce_init['toolbar3'] ) && ! empty( $mce_init['toolbar4'] ) ) { $mce_init['toolbar3'] = $mce_init['toolbar4']; $mce_init['toolbar4'] = ''; } self::$mce_settings[ $editor_id ] = $mce_init; } // End if self::$this_tinymce. } /** * @since 3.3.0 * * @param array $init * @return string */ private static function _parse_init( $init ) { $options = ''; foreach ( $init as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $options .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $options .= $key . ':' . $value . ','; continue; } $options .= $key . ':"' . $value . '",'; } return '{' . trim( $options, ' ,' ) . '}'; } /** * @since 3.3.0 * * @param bool $default_scripts Optional. Whether default scripts should be enqueued. Default false. */ public static function enqueue_scripts( $default_scripts = false ) { if ( $default_scripts || self::$has_tinymce ) { wp_enqueue_script( 'editor' ); } if ( $default_scripts || self::$has_quicktags ) { wp_enqueue_script( 'quicktags' ); wp_enqueue_style( 'buttons' ); } if ( $default_scripts || in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { wp_enqueue_script( 'wplink' ); wp_enqueue_script( 'jquery-ui-autocomplete' ); } if ( self::$has_medialib ) { add_thickbox(); wp_enqueue_script( 'media-upload' ); wp_enqueue_script( 'wp-embed' ); } elseif ( $default_scripts ) { wp_enqueue_script( 'media-upload' ); } /** * Fires when scripts and styles are enqueued for the editor. * * @since 3.9.0 * * @param array $to_load An array containing boolean values whether TinyMCE * and Quicktags are being loaded. */ do_action( 'wp_enqueue_editor', array( 'tinymce' => ( $default_scripts || self::$has_tinymce ), 'quicktags' => ( $default_scripts || self::$has_quicktags ), ) ); } /** * Enqueue all editor scripts. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function enqueue_default_editor() { // We are past the point where scripts can be enqueued properly. if ( did_action( 'wp_enqueue_editor' ) ) { return; } self::enqueue_scripts( true ); // Also add wp-includes/css/editor.css. wp_enqueue_style( 'editor-buttons' ); if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } } /** * Print (output) all editor scripts and default settings. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function print_default_editor_scripts() { $user_can_richedit = user_can_richedit(); if ( $user_can_richedit ) { $settings = self::default_settings(); $settings['toolbar1'] = 'bold,italic,bullist,numlist,link'; $settings['wpautop'] = false; $settings['indent'] = true; $settings['elementpath'] = false; if ( is_rtl() ) { $settings['directionality'] = 'rtl'; } /* * In production all plugins are loaded (they are in wp-editor.js.gz). * The 'wpview', 'wpdialogs', and 'media' TinyMCE plugins are not initialized by default. * Can be added from js by using the 'wp-before-tinymce-init' event. */ $settings['plugins'] = implode( ',', array( 'charmap', 'colorpicker', 'hr', 'lists', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wptextpattern', ) ); $settings = self::_parse_init( $settings ); } else { $settings = '{}'; } ?> <script type="text/javascript"> window.wp = window.wp || {}; window.wp.editor = window.wp.editor || {}; window.wp.editor.getDefaultSettings = function() { return { tinymce: <?php echo $settings; ?>, quicktags: { buttons: 'strong,em,link,ul,ol,li,code' } }; }; <?php if ( $user_can_richedit ) { $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); ?> var tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", mceInit: {}, qtInit: {}, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; <?php } ?> </script> <?php if ( $user_can_richedit ) { self::print_tinymce_scripts(); } /** * Fires when the editor scripts are loaded for later initialization, * after all scripts and settings are printed. * * @since 4.8.0 */ do_action( 'print_default_editor_scripts' ); self::wp_link_dialog(); } /** * Returns the TinyMCE locale. * * @since 4.8.0 * * @return string */ public static function get_mce_locale() { if ( empty( self::$mce_locale ) ) { $mce_locale = get_user_locale(); self::$mce_locale = empty( $mce_locale ) ? 'en' : strtolower( substr( $mce_locale, 0, 2 ) ); // ISO 639-1. } return self::$mce_locale; } /** * Returns the TinyMCE base URL. * * @since 4.8.0 * * @return string */ public static function get_baseurl() { if ( empty( self::$baseurl ) ) { self::$baseurl = includes_url( 'js/tinymce' ); } return self::$baseurl; } /** * Returns the default TinyMCE settings. * Doesn't include plugins, buttons, editor selector. * * @since 4.8.0 * * @global string $tinymce_version * * @return array */ private static function default_settings() { global $tinymce_version; $shortcut_labels = array(); foreach ( self::get_translation() as $name => $value ) { if ( is_array( $value ) ) { $shortcut_labels[ $name ] = $value[1]; } } $settings = array( 'theme' => 'modern', 'skin' => 'lightgray', 'language' => self::get_mce_locale(), 'formats' => '{' . 'alignleft: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"left"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignleft"}' . '],' . 'aligncenter: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"center"}},' . '{selector: "img,table,dl.wp-caption", classes: "aligncenter"}' . '],' . 'alignright: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"right"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignright"}' . '],' . 'strikethrough: {inline: "del"}' . '}', 'relative_urls' => false, 'remove_script_host' => false, 'convert_urls' => false, 'browser_spellcheck' => true, 'fix_list_elements' => true, 'entities' => '38,amp,60,lt,62,gt', 'entity_encoding' => 'raw', 'keep_styles' => false, 'cache_suffix' => 'wp-mce-' . $tinymce_version, 'resize' => 'vertical', 'menubar' => false, 'branding' => false, // Limit the preview styles in the menu/toolbar. 'preview_styles' => 'font-family font-size font-weight font-style text-decoration text-transform', 'end_container_on_empty_block' => true, 'wpeditimage_html5_captions' => true, 'wp_lang_attr' => get_bloginfo( 'language' ), 'wp_shortcut_labels' => wp_json_encode( $shortcut_labels ), ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $version = 'ver=' . get_bloginfo( 'version' ); // Default stylesheets. $settings['content_css'] = includes_url( "css/dashicons$suffix.css?$version" ) . ',' . includes_url( "js/tinymce/skins/wordpress/wp-content.css?$version" ); return $settings; } /** * @since 4.7.0 * * @return array */ private static function get_translation() { if ( empty( self::$translation ) ) { self::$translation = array( // Default TinyMCE strings. 'New document' => __( 'New document' ), 'Formats' => _x( 'Formats', 'TinyMCE' ), 'Headings' => _x( 'Headings', 'TinyMCE' ), 'Heading 1' => array( __( 'Heading 1' ), 'access1' ), 'Heading 2' => array( __( 'Heading 2' ), 'access2' ), 'Heading 3' => array( __( 'Heading 3' ), 'access3' ), 'Heading 4' => array( __( 'Heading 4' ), 'access4' ), 'Heading 5' => array( __( 'Heading 5' ), 'access5' ), 'Heading 6' => array( __( 'Heading 6' ), 'access6' ), /* translators: Block tags. */ 'Blocks' => _x( 'Blocks', 'TinyMCE' ), 'Paragraph' => array( __( 'Paragraph' ), 'access7' ), 'Blockquote' => array( __( 'Blockquote' ), 'accessQ' ), 'Div' => _x( 'Div', 'HTML tag' ), 'Pre' => _x( 'Pre', 'HTML tag' ), 'Preformatted' => _x( 'Preformatted', 'HTML tag' ), 'Address' => _x( 'Address', 'HTML tag' ), 'Inline' => _x( 'Inline', 'HTML elements' ), 'Underline' => array( __( 'Underline' ), 'metaU' ), 'Strikethrough' => array( __( 'Strikethrough' ), 'accessD' ), 'Subscript' => __( 'Subscript' ), 'Superscript' => __( 'Superscript' ), 'Clear formatting' => __( 'Clear formatting' ), 'Bold' => array( __( 'Bold' ), 'metaB' ), 'Italic' => array( __( 'Italic' ), 'metaI' ), 'Code' => array( __( 'Code' ), 'accessX' ), 'Source code' => __( 'Source code' ), 'Font Family' => __( 'Font Family' ), 'Font Sizes' => __( 'Font Sizes' ), 'Align center' => array( __( 'Align center' ), 'accessC' ), 'Align right' => array( __( 'Align right' ), 'accessR' ), 'Align left' => array( __( 'Align left' ), 'accessL' ), 'Justify' => array( __( 'Justify' ), 'accessJ' ), 'Increase indent' => __( 'Increase indent' ), 'Decrease indent' => __( 'Decrease indent' ), 'Cut' => array( __( 'Cut' ), 'metaX' ), 'Copy' => array( __( 'Copy' ), 'metaC' ), 'Paste' => array( __( 'Paste' ), 'metaV' ), 'Select all' => array( __( 'Select all' ), 'metaA' ), 'Undo' => array( __( 'Undo' ), 'metaZ' ), 'Redo' => array( __( 'Redo' ), 'metaY' ), 'Ok' => __( 'OK' ), 'Cancel' => __( 'Cancel' ), 'Close' => __( 'Close' ), 'Visual aids' => __( 'Visual aids' ), 'Bullet list' => array( __( 'Bulleted list' ), 'accessU' ), 'Numbered list' => array( __( 'Numbered list' ), 'accessO' ), 'Square' => _x( 'Square', 'list style' ), 'Default' => _x( 'Default', 'list style' ), 'Circle' => _x( 'Circle', 'list style' ), 'Disc' => _x( 'Disc', 'list style' ), 'Lower Greek' => _x( 'Lower Greek', 'list style' ), 'Lower Alpha' => _x( 'Lower Alpha', 'list style' ), 'Upper Alpha' => _x( 'Upper Alpha', 'list style' ), 'Upper Roman' => _x( 'Upper Roman', 'list style' ), 'Lower Roman' => _x( 'Lower Roman', 'list style' ), // Anchor plugin. 'Name' => _x( 'Name', 'Name of link anchor (TinyMCE)' ), 'Anchor' => _x( 'Anchor', 'Link anchor (TinyMCE)' ), 'Anchors' => _x( 'Anchors', 'Link anchors (TinyMCE)' ), 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' => __( 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' ), 'Id' => _x( 'Id', 'Id for link anchor (TinyMCE)' ), // Fullpage plugin. 'Document properties' => __( 'Document properties' ), 'Robots' => __( 'Robots' ), 'Title' => __( 'Title' ), 'Keywords' => __( 'Keywords' ), 'Encoding' => __( 'Encoding' ), 'Description' => __( 'Description' ), 'Author' => __( 'Author' ), // Media, image plugins. 'Image' => __( 'Image' ), 'Insert/edit image' => array( __( 'Insert/edit image' ), 'accessM' ), 'General' => __( 'General' ), 'Advanced' => __( 'Advanced' ), 'Source' => __( 'Source' ), 'Border' => __( 'Border' ), 'Constrain proportions' => __( 'Constrain proportions' ), 'Vertical space' => __( 'Vertical space' ), 'Image description' => __( 'Image description' ), 'Style' => __( 'Style' ), 'Dimensions' => __( 'Dimensions' ), 'Insert image' => __( 'Insert image' ), 'Date/time' => __( 'Date/time' ), 'Insert date/time' => __( 'Insert date/time' ), 'Table of Contents' => __( 'Table of Contents' ), 'Insert/Edit code sample' => __( 'Insert/edit code sample' ), 'Language' => __( 'Language' ), 'Media' => __( 'Media' ), 'Insert/edit media' => __( 'Insert/edit media' ), 'Poster' => __( 'Poster' ), 'Alternative source' => __( 'Alternative source' ), 'Paste your embed code below:' => __( 'Paste your embed code below:' ), 'Insert video' => __( 'Insert video' ), 'Embed' => __( 'Embed' ), // Each of these have a corresponding plugin. 'Special character' => __( 'Special character' ), 'Right to left' => _x( 'Right to left', 'editor button' ), 'Left to right' => _x( 'Left to right', 'editor button' ), 'Emoticons' => __( 'Emoticons' ), 'Nonbreaking space' => __( 'Nonbreaking space' ), 'Page break' => __( 'Page break' ), 'Paste as text' => __( 'Paste as text' ), 'Preview' => __( 'Preview' ), 'Print' => __( 'Print' ), 'Save' => __( 'Save' ), 'Fullscreen' => __( 'Fullscreen' ), 'Horizontal line' => __( 'Horizontal line' ), 'Horizontal space' => __( 'Horizontal space' ), 'Restore last draft' => __( 'Restore last draft' ), 'Insert/edit link' => array( __( 'Insert/edit link' ), 'metaK' ), 'Remove link' => array( __( 'Remove link' ), 'accessS' ), // Link plugin. 'Link' => __( 'Link' ), 'Insert link' => __( 'Insert link' ), 'Target' => __( 'Target' ), 'New window' => __( 'New window' ), 'Text to display' => __( 'Text to display' ), 'Url' => __( 'URL' ), 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' => __( 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' ), 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' => __( 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' ), 'Color' => __( 'Color' ), 'Custom color' => __( 'Custom color' ), 'Custom...' => _x( 'Custom...', 'label for custom color' ), // No ellipsis. 'No color' => __( 'No color' ), 'R' => _x( 'R', 'Short for red in RGB' ), 'G' => _x( 'G', 'Short for green in RGB' ), 'B' => _x( 'B', 'Short for blue in RGB' ), // Spelling, search/replace plugins. 'Could not find the specified string.' => __( 'Could not find the specified string.' ), 'Replace' => _x( 'Replace', 'find/replace' ), 'Next' => _x( 'Next', 'find/replace' ), /* translators: Previous. */ 'Prev' => _x( 'Prev', 'find/replace' ), 'Whole words' => _x( 'Whole words', 'find/replace' ), 'Find and replace' => __( 'Find and replace' ), 'Replace with' => _x( 'Replace with', 'find/replace' ), 'Find' => _x( 'Find', 'find/replace' ), 'Replace all' => _x( 'Replace all', 'find/replace' ), 'Match case' => __( 'Match case' ), 'Spellcheck' => __( 'Check Spelling' ), 'Finish' => _x( 'Finish', 'spellcheck' ), 'Ignore all' => _x( 'Ignore all', 'spellcheck' ), 'Ignore' => _x( 'Ignore', 'spellcheck' ), 'Add to Dictionary' => __( 'Add to Dictionary' ), // TinyMCE tables. 'Insert table' => __( 'Insert table' ), 'Delete table' => __( 'Delete table' ), 'Table properties' => __( 'Table properties' ), 'Row properties' => __( 'Table row properties' ), 'Cell properties' => __( 'Table cell properties' ), 'Border color' => __( 'Border color' ), 'Row' => __( 'Row' ), 'Rows' => __( 'Rows' ), 'Column' => __( 'Column' ), 'Cols' => __( 'Columns' ), 'Cell' => _x( 'Cell', 'table cell' ), 'Header cell' => __( 'Header cell' ), 'Header' => _x( 'Header', 'table header' ), 'Body' => _x( 'Body', 'table body' ), 'Footer' => _x( 'Footer', 'table footer' ), 'Insert row before' => __( 'Insert row before' ), 'Insert row after' => __( 'Insert row after' ), 'Insert column before' => __( 'Insert column before' ), 'Insert column after' => __( 'Insert column after' ), 'Paste row before' => __( 'Paste table row before' ), 'Paste row after' => __( 'Paste table row after' ), 'Delete row' => __( 'Delete row' ), 'Delete column' => __( 'Delete column' ), 'Cut row' => __( 'Cut table row' ), 'Copy row' => __( 'Copy table row' ), 'Merge cells' => __( 'Merge table cells' ), 'Split cell' => __( 'Split table cell' ), 'Height' => __( 'Height' ), 'Width' => __( 'Width' ), 'Caption' => __( 'Caption' ), 'Alignment' => __( 'Alignment' ), 'H Align' => _x( 'H Align', 'horizontal table cell alignment' ), 'Left' => __( 'Left' ), 'Center' => __( 'Center' ), 'Right' => __( 'Right' ), 'None' => _x( 'None', 'table cell alignment attribute' ), 'V Align' => _x( 'V Align', 'vertical table cell alignment' ), 'Top' => __( 'Top' ), 'Middle' => __( 'Middle' ), 'Bottom' => __( 'Bottom' ), 'Row group' => __( 'Row group' ), 'Column group' => __( 'Column group' ), 'Row type' => __( 'Row type' ), 'Cell type' => __( 'Cell type' ), 'Cell padding' => __( 'Cell padding' ), 'Cell spacing' => __( 'Cell spacing' ), 'Scope' => _x( 'Scope', 'table cell scope attribute' ), 'Insert template' => _x( 'Insert template', 'TinyMCE' ), 'Templates' => _x( 'Templates', 'TinyMCE' ), 'Background color' => __( 'Background color' ), 'Text color' => __( 'Text color' ), 'Show blocks' => _x( 'Show blocks', 'editor button' ), 'Show invisible characters' => __( 'Show invisible characters' ), /* translators: Word count. */ 'Words: {0}' => sprintf( __( 'Words: %s' ), '{0}' ), 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' => __( 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' ) . "\n\n" . __( 'If you are looking to paste rich content from Microsoft Word, try turning this option off. The editor will clean up text pasted from Word automatically.' ), 'Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help' => __( 'Rich Text Area. Press Alt-Shift-H for help.' ), 'Rich Text Area. Press Control-Option-H for help.' => __( 'Rich Text Area. Press Control-Option-H for help.' ), 'You have unsaved changes are you sure you want to navigate away?' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'Your browser doesn\'t support direct access to the clipboard. Please use the Ctrl+X/C/V keyboard shortcuts instead.' => __( 'Your browser does not support direct access to the clipboard. Please use keyboard shortcuts or your browser’s edit menu instead.' ), // TinyMCE menus. 'Insert' => _x( 'Insert', 'TinyMCE menu' ), 'File' => _x( 'File', 'TinyMCE menu' ), 'Edit' => _x( 'Edit', 'TinyMCE menu' ), 'Tools' => _x( 'Tools', 'TinyMCE menu' ), 'View' => _x( 'View', 'TinyMCE menu' ), 'Table' => _x( 'Table', 'TinyMCE menu' ), 'Format' => _x( 'Format', 'TinyMCE menu' ), // WordPress strings. 'Toolbar Toggle' => array( __( 'Toolbar Toggle' ), 'accessZ' ), 'Insert Read More tag' => array( __( 'Insert Read More tag' ), 'accessT' ), 'Insert Page Break tag' => array( __( 'Insert Page Break tag' ), 'accessP' ), 'Read more...' => __( 'Read more...' ), // Title on the placeholder inside the editor (no ellipsis). 'Distraction-free writing mode' => array( __( 'Distraction-free writing mode' ), 'accessW' ), 'No alignment' => __( 'No alignment' ), // Tooltip for the 'alignnone' button in the image toolbar. 'Remove' => __( 'Remove' ), // Tooltip for the 'remove' button in the image toolbar. 'Edit|button' => __( 'Edit' ), // Tooltip for the 'edit' button in the image toolbar. 'Paste URL or type to search' => __( 'Paste URL or type to search' ), // Placeholder for the inline link dialog. 'Apply' => __( 'Apply' ), // Tooltip for the 'apply' button in the inline link dialog. 'Link options' => __( 'Link options' ), // Tooltip for the 'link options' button in the inline link dialog. 'Visual' => _x( 'Visual', 'Name for the Visual editor tab' ), // Editor switch tab label. 'Code|tab' => _x( 'Code', 'Name for the Code editor tab (formerly Text)' ), // Editor switch tab label. 'Add Media' => array( __( 'Add Media' ), 'accessM' ), // Tooltip for the 'Add Media' button in the block editor Classic block. // Shortcuts help modal. 'Keyboard Shortcuts' => array( __( 'Keyboard Shortcuts' ), 'accessH' ), 'Classic Block Keyboard Shortcuts' => __( 'Classic Block Keyboard Shortcuts' ), 'Default shortcuts,' => __( 'Default shortcuts,' ), 'Additional shortcuts,' => __( 'Additional shortcuts,' ), 'Focus shortcuts:' => __( 'Focus shortcuts:' ), 'Inline toolbar (when an image, link or preview is selected)' => __( 'Inline toolbar (when an image, link or preview is selected)' ), 'Editor menu (when enabled)' => __( 'Editor menu (when enabled)' ), 'Editor toolbar' => __( 'Editor toolbar' ), 'Elements path' => __( 'Elements path' ), 'Ctrl + Alt + letter:' => __( 'Ctrl + Alt + letter:' ), 'Shift + Alt + letter:' => __( 'Shift + Alt + letter:' ), 'Cmd + letter:' => __( 'Cmd + letter:' ), 'Ctrl + letter:' => __( 'Ctrl + letter:' ), 'Letter' => __( 'Letter' ), 'Action' => __( 'Action' ), 'Warning: the link has been inserted but may have errors. Please test it.' => __( 'Warning: the link has been inserted but may have errors. Please test it.' ), 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' => __( 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' ), 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' => __( 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' ), 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' => __( 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' ), 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' => __( 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' ), ); } /* Imagetools plugin (not included): 'Edit image' => __( 'Edit image' ), 'Image options' => __( 'Image options' ), 'Back' => __( 'Back' ), 'Invert' => __( 'Invert' ), 'Flip horizontally' => __( 'Flip horizontal' ), 'Flip vertically' => __( 'Flip vertical' ), 'Crop' => __( 'Crop' ), 'Orientation' => __( 'Orientation' ), 'Resize' => __( 'Resize' ), 'Rotate clockwise' => __( 'Rotate right' ), 'Rotate counterclockwise' => __( 'Rotate left' ), 'Sharpen' => __( 'Sharpen' ), 'Brightness' => __( 'Brightness' ), 'Color levels' => __( 'Color levels' ), 'Contrast' => __( 'Contrast' ), 'Gamma' => __( 'Gamma' ), 'Zoom in' => __( 'Zoom in' ), 'Zoom out' => __( 'Zoom out' ), */ return self::$translation; } /** * Translates the default TinyMCE strings and returns them as JSON encoded object ready to be loaded with tinymce.addI18n(), * or as JS snippet that should run after tinymce.js is loaded. * * @since 3.9.0 * * @param string $mce_locale The locale used for the editor. * @param bool $json_only Optional. Whether to include the JavaScript calls to tinymce.addI18n() and * tinymce.ScriptLoader.markDone(). Default false. * @return string Translation object, JSON encoded. */ public static function wp_mce_translation( $mce_locale = '', $json_only = false ) { if ( ! $mce_locale ) { $mce_locale = self::get_mce_locale(); } $mce_translation = self::get_translation(); foreach ( $mce_translation as $name => $value ) { if ( is_array( $value ) ) { $mce_translation[ $name ] = $value[0]; } } /** * Filters translated strings prepared for TinyMCE. * * @since 3.9.0 * * @param array $mce_translation Key/value pairs of strings. * @param string $mce_locale Locale. */ $mce_translation = apply_filters( 'wp_mce_translation', $mce_translation, $mce_locale ); foreach ( $mce_translation as $key => $value ) { // Remove strings that are not translated. if ( $key === $value ) { unset( $mce_translation[ $key ] ); continue; } if ( str_contains( $value, '&' ) ) { $mce_translation[ $key ] = html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } } // Set direction. if ( is_rtl() ) { $mce_translation['_dir'] = 'rtl'; } if ( $json_only ) { return wp_json_encode( $mce_translation ); } $baseurl = self::get_baseurl(); return "tinymce.addI18n( '$mce_locale', " . wp_json_encode( $mce_translation ) . ");\n" . "tinymce.ScriptLoader.markDone( '$baseurl/langs/$mce_locale.js' );\n"; } /** * Force uncompressed TinyMCE when a custom theme has been defined. * * The compressed TinyMCE file cannot deal with custom themes, so this makes * sure that WordPress uses the uncompressed TinyMCE file if a theme is defined. * Even if the website is running on a production environment. * * @since 5.0.0 */ public static function force_uncompressed_tinymce() { $has_custom_theme = false; foreach ( self::$mce_settings as $init ) { if ( ! empty( $init['theme_url'] ) ) { $has_custom_theme = true; break; } } if ( ! $has_custom_theme ) { return; } $wp_scripts = wp_scripts(); $wp_scripts->remove( 'wp-tinymce' ); wp_register_tinymce_scripts( $wp_scripts, true ); } /** * Print (output) the main TinyMCE scripts. * * @since 4.8.0 * * @global bool $concatenate_scripts */ public static function print_tinymce_scripts() { global $concatenate_scripts; if ( self::$tinymce_scripts_printed ) { return; } self::$tinymce_scripts_printed = true; if ( ! isset( $concatenate_scripts ) ) { script_concat_settings(); } wp_print_scripts( array( 'wp-tinymce' ) ); echo "<script type='text/javascript'>\n" . self::wp_mce_translation() . "</script>\n"; } /** * Print (output) the TinyMCE configuration and initialization scripts. * * @since 3.3.0 * * @global string $tinymce_version */ public static function editor_js() { global $tinymce_version; $tmce_on = ! empty( self::$mce_settings ); $mce_init = ''; $qt_init = ''; if ( $tmce_on ) { foreach ( self::$mce_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $mce_init .= "'$editor_id':{$options},"; } $mce_init = '{' . trim( $mce_init, ',' ) . '}'; } else { $mce_init = '{}'; } if ( ! empty( self::$qt_settings ) ) { foreach ( self::$qt_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $qt_init .= "'$editor_id':{$options},"; } $qt_init = '{' . trim( $qt_init, ',' ) . '}'; } else { $qt_init = '{}'; } $ref = array( 'plugins' => implode( ',', self::$plugins ), 'theme' => 'modern', 'language' => self::$mce_locale, ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); $version = 'ver=' . $tinymce_version; /** * Fires immediately before the TinyMCE settings are printed. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'before_wp_tiny_mce', self::$mce_settings ); ?> <script type="text/javascript"> tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", <?php if ( self::$drag_drop_upload ) { echo 'dragDropUpload: true,'; } ?> mceInit: <?php echo $mce_init; ?>, qtInit: <?php echo $qt_init; ?>, ref: <?php echo self::_parse_init( $ref ); ?>, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; </script> <?php if ( $tmce_on ) { self::print_tinymce_scripts(); if ( self::$ext_plugins ) { // Load the old-format English strings to prevent unsightly labels in old style popups. echo "<script type='text/javascript' src='{$baseurl}/langs/wp-langs-en.js?$version'></script>\n"; } } /** * Fires after tinymce.js is loaded, but before any TinyMCE editor * instances are created. * * @since 3.9.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'wp_tiny_mce_init', self::$mce_settings ); ?> <script type="text/javascript"> <?php if ( self::$ext_plugins ) { echo self::$ext_plugins . "\n"; } if ( ! is_admin() ) { echo 'var ajaxurl = "' . admin_url( 'admin-ajax.php', 'relative' ) . '";'; } ?> ( function() { var initialized = []; var initialize = function() { var init, id, inPostbox, $wrap; var readyState = document.readyState; if ( readyState !== 'complete' && readyState !== 'interactive' ) { return; } for ( id in tinyMCEPreInit.mceInit ) { if ( initialized.indexOf( id ) > -1 ) { continue; } init = tinyMCEPreInit.mceInit[id]; $wrap = tinymce.$( '#wp-' + id + '-wrap' ); inPostbox = $wrap.parents( '.postbox' ).length > 0; if ( ! init.wp_skip_init && ( $wrap.hasClass( 'tmce-active' ) || ! tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) && ( readyState === 'complete' || ( ! inPostbox && readyState === 'interactive' ) ) ) { tinymce.init( init ); initialized.push( id ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } } if ( typeof tinymce !== 'undefined' ) { if ( tinymce.Env.ie && tinymce.Env.ie < 11 ) { tinymce.$( '.wp-editor-wrap ' ).removeClass( 'tmce-active' ).addClass( 'html-active' ); } else { if ( document.readyState === 'complete' ) { initialize(); } else { document.addEventListener( 'readystatechange', initialize ); } } } if ( typeof quicktags !== 'undefined' ) { for ( id in tinyMCEPreInit.qtInit ) { quicktags( tinyMCEPreInit.qtInit[id] ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } }()); </script> <?php if ( in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { self::wp_link_dialog(); } /** * Fires after any core TinyMCE editor instances are created. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'after_wp_tiny_mce', self::$mce_settings ); } /** * Outputs the HTML for distraction-free writing mode. * * @since 3.2.0 * @deprecated 4.3.0 */ public static function wp_fullscreen_html() { _deprecated_function( __FUNCTION__, '4.3.0' ); } /** * Performs post queries for internal linking. * * @since 3.1.0 * * @param array $args { * Optional. Array of link query arguments. * * @type int $pagenum Page number. Default 1. * @type string $s Search keywords. * } * @return array|false $results { * An array of associative arrays of query results, false if there are none. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } */ public static function wp_link_query( $args = array() ) { $pts = get_post_types( array( 'public' => true ), 'objects' ); $pt_names = array_keys( $pts ); $query = array( 'post_type' => $pt_names, 'suppress_filters' => true, 'update_post_term_cache' => false, 'update_post_meta_cache' => false, 'post_status' => 'publish', 'posts_per_page' => 20, ); $args['pagenum'] = isset( $args['pagenum'] ) ? absint( $args['pagenum'] ) : 1; if ( isset( $args['s'] ) ) { $query['s'] = $args['s']; } $query['offset'] = $args['pagenum'] > 1 ? $query['posts_per_page'] * ( $args['pagenum'] - 1 ) : 0; /** * Filters the link query arguments. * * Allows modification of the link query arguments before querying. * * @see WP_Query for a full list of arguments * * @since 3.7.0 * * @param array $query An array of WP_Query arguments. */ $query = apply_filters( 'wp_link_query_args', $query ); // Do main query. $get_posts = new WP_Query(); $posts = $get_posts->query( $query ); // Build results. $results = array(); foreach ( $posts as $post ) { if ( 'post' === $post->post_type ) { $info = mysql2date( __( 'Y/m/d' ), $post->post_date ); } else { $info = $pts[ $post->post_type ]->labels->singular_name; } $results[] = array( 'ID' => $post->ID, 'title' => trim( esc_html( strip_tags( get_the_title( $post ) ) ) ), 'permalink' => get_permalink( $post->ID ), 'info' => $info, ); } /** * Filters the link query results. * * Allows modification of the returned link query results. * * @since 3.7.0 * * @see 'wp_link_query_args' filter * * @param array $results { * An array of associative arrays of query results. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } * @param array $query An array of WP_Query arguments. */ $results = apply_filters( 'wp_link_query', $results, $query ); return ! empty( $results ) ? $results : false; } /** * Dialog for internal linking. * * @since 3.1.0 */ public static function wp_link_dialog() { // Run once. if ( self::$link_dialog_printed ) { return; } self::$link_dialog_printed = true; // `display: none` is required here, see #WP27605. ?> <div id="wp-link-backdrop" style="display: none"></div> <div id="wp-link-wrap" class="wp-core-ui" style="display: none" role="dialog" aria-modal="true" aria-labelledby="link-modal-title"> <form id="wp-link" tabindex="-1"> <?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?> <h1 id="link-modal-title"><?php _e( 'Insert/edit link' ); ?></h1> <button type="button" id="wp-link-close"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Close' ); ?> </span></button> <div id="link-selector"> <div id="link-options"> <p class="howto" id="wplink-enter-url"><?php _e( 'Enter the destination URL' ); ?></p> <div> <label><span><?php _e( 'URL' ); ?></span> <input id="wp-link-url" type="text" aria-describedby="wplink-enter-url" /></label> </div> <div class="wp-link-text-field"> <label><span><?php _e( 'Link Text' ); ?></span> <input id="wp-link-text" type="text" /></label> </div> <div class="link-target"> <label><span></span> <input type="checkbox" id="wp-link-target" /> <?php _e( 'Open link in a new tab' ); ?></label> </div> </div> <p class="howto" id="wplink-link-existing-content"><?php _e( 'Or link to existing content' ); ?></p> <div id="search-panel"> <div class="link-search-wrapper"> <label> <span class="search-label"><?php _e( 'Search' ); ?></span> <input type="search" id="wp-link-search" class="link-search-field" autocomplete="off" aria-describedby="wplink-link-existing-content" /> <span class="spinner"></span> </label> </div> <div id="search-results" class="query-results" tabindex="0"> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> <div id="most-recent-results" class="query-results" tabindex="0"> <div class="query-notice" id="query-notice-message"> <em class="query-notice-default"><?php _e( 'No search term specified. Showing recent items.' ); ?></em> <em class="query-notice-hint screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Search or use up and down arrow keys to select an item.' ); ?> </em> </div> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> </div> </div> <div class="submitbox"> <div id="wp-link-cancel"> <button type="button" class="button"><?php _e( 'Cancel' ); ?></button> </div> <div id="wp-link-update"> <input type="submit" value="<?php esc_attr_e( 'Add Link' ); ?>" class="button button-primary" id="wp-link-submit" name="wp-link-submit"> </div> </div> </form> </div> <?php } } HTTP/https-migration-20260605124943-20260607002732.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605091014-20260615161150.php 0000666 00000011205 15226703613 0014137 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605092322-20260607002737.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Psr7Response-20260605023251.php 0000666 00000004201 15226703613 0011773 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use Psr\Http\Message\ResponseInterface; /** * HTTP Response based on a PSR-7 response * * This interface must be interoperable with Psr\Http\Message\ResponseInterface * @see https://www.php-fig.org/psr/psr-7/#33-psrhttpmessageresponseinterface * * @internal */ final class Psr7Response implements Response { /** * @var ResponseInterface */ private $response; /** * @var string */ private $permanent_url; /** * @var string */ private $requested_url; public function __construct(ResponseInterface $response, string $permanent_url, string $requested_url) { $this->response = $response; $this->permanent_url = $permanent_url; $this->requested_url = $requested_url; } public function get_permanent_uri(): string { return $this->permanent_url; } public function get_final_requested_uri(): string { return $this->requested_url; } public function get_status_code(): int { return $this->response->getStatusCode(); } public function get_headers(): array { // The filtering is probably redundant but let’s make PHPStan happy. return array_filter($this->response->getHeaders(), function (array $header): bool { return count($header) >= 1; }); } public function has_header(string $name): bool { return $this->response->hasHeader($name); } public function with_header(string $name, $value) { return new self($this->response->withHeader($name, $value), $this->permanent_url, $this->requested_url); } public function get_header(string $name): array { return $this->response->getHeader($name); } public function get_header_line(string $name): string { return $this->response->getHeaderLine($name); } public function get_body_content(): string { return $this->response->getBody()->__toString(); } } HTTP/https-detection-20260606100547-20260608112152.php 0000666 00000013341 15226703613 0014132 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260606024459.php 0000666 00000013341 15226703613 0012560 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605234727-20260608222141.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Exception-20260605104336.php 0000666 00000000543 15226703613 0011370 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie; use Exception as NativeException; /** * General SimplePie exception class */ class Exception extends NativeException { } class_alias('SimplePie\Exception', 'SimplePie_Exception'); HTTP/https-migration-20260606111420.php 0000666 00000011205 15226703613 0012551 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605100700.php 0000666 00000011205 15226703613 0012547 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/plugin-20260605041814.php 0000666 00000107225 15226703613 0010736 0 ustar 00 <?php /** * The plugin API is located in this file, which allows for creating actions * and filters and hooking functions, and methods. The functions or methods will * then be run when the action or filter is called. * * The API callback examples reference functions, but can be methods of classes. * To hook methods, you'll need to pass an array one of two ways. * * Any of the syntaxes explained in the PHP documentation for the * {@link https://www.php.net/manual/en/language.pseudo-types.php#language.types.callback 'callback'} * type are valid. * * Also see the {@link https://developer.wordpress.org/plugins/ Plugin API} for * more information and examples on how to use a lot of these functions. * * This file should have no external dependencies. * * @package WordPress * @subpackage Plugin * @since 1.5.0 */ // Initialize the filter globals. require __DIR__ . '/class-wp-hook.php'; /** @var WP_Hook[] $wp_filter */ global $wp_filter; /** @var int[] $wp_actions */ global $wp_actions; /** @var int[] $wp_filters */ global $wp_filters; /** @var string[] $wp_current_filter */ global $wp_current_filter; if ( $wp_filter ) { $wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter ); } else { $wp_filter = array(); } if ( ! isset( $wp_actions ) ) { $wp_actions = array(); } if ( ! isset( $wp_filters ) ) { $wp_filters = array(); } if ( ! isset( $wp_current_filter ) ) { $wp_current_filter = array(); } /** * Adds a callback function to a filter hook. * * WordPress offers filter hooks to allow plugins to modify * various types of internal data at runtime. * * A plugin can modify data by binding a callback to a filter hook. When the filter * is later applied, each bound callback is run in order of priority, and given * the opportunity to modify a value by returning a new value. * * The following example shows how a callback function is bound to a filter hook. * * Note that `$example` is passed to the callback, (maybe) modified, then returned: * * function example_callback( $example ) { * // Maybe modify $example in some way. * return $example; * } * add_filter( 'example_filter', 'example_callback' ); * * Bound callbacks can accept from none to the total number of arguments passed as parameters * in the corresponding apply_filters() call. * * In other words, if an apply_filters() call passes four total arguments, callbacks bound to * it can accept none (the same as 1) of the arguments or up to four. The important part is that * the `$accepted_args` value must reflect the number of arguments the bound callback *actually* * opted to accept. If no arguments were accepted by the callback that is considered to be the * same as accepting 1 argument. For example: * * // Filter call. * $value = apply_filters( 'hook', $value, $arg2, $arg3 ); * * // Accepting zero/one arguments. * function example_callback() { * ... * return 'some value'; * } * add_filter( 'hook', 'example_callback' ); // Where $priority is default 10, $accepted_args is default 1. * * // Accepting two arguments (three possible). * function example_callback( $value, $arg2 ) { * ... * return $maybe_modified_value; * } * add_filter( 'hook', 'example_callback', 10, 2 ); // Where $priority is 10, $accepted_args is 2. * * *Note:* The function will return true whether or not the callback is valid. * It is up to you to take care. This is done for optimization purposes, so * everything is as quick as possible. * * @since 0.71 * * @global WP_Hook[] $wp_filter A multidimensional array of all hooks and the callbacks hooked to them. * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular filter are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the filter. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_filter( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ] = new WP_Hook(); } $wp_filter[ $hook_name ]->add_filter( $hook_name, $callback, $priority, $accepted_args ); return true; } /** * Calls the callback functions that have been added to a filter hook. * * This function invokes all functions attached to filter hook `$hook_name`. * It is possible to create new filter hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * The function also allows for multiple additional arguments to be passed to hooks. * * Example usage: * * // The filter callback function. * function example_callback( $string, $arg1, $arg2 ) { * // (maybe) modify $string. * return $string; * } * add_filter( 'example_filter', 'example_callback', 10, 3 ); * * /* * * Apply the filters by calling the 'example_callback()' function * * that's hooked onto `example_filter` above. * * * * - 'example_filter' is the filter hook. * * - 'filter me' is the value being filtered. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * $value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 ); * * @since 0.71 * @since 6.0.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param mixed $value The value to filter. * @param mixed ...$args Optional. Additional parameters to pass to the callback functions. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters( $hook_name, $value, ...$args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $value; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } // Pass the value to WP_Hook. array_unshift( $args, $value ); $filtered = $wp_filter[ $hook_name ]->apply_filters( $value, $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Calls the callback functions that have been added to a filter hook, specifying arguments in an array. * * @since 3.0.0 * * @see apply_filters() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_filters Stores the number of times each filter was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the filter hook. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_ref_array( $hook_name, $args ) { global $wp_filter, $wp_filters, $wp_current_filter; if ( ! isset( $wp_filters[ $hook_name ] ) ) { $wp_filters[ $hook_name ] = 1; } else { ++$wp_filters[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return $args[0]; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $filtered = $wp_filter[ $hook_name ]->apply_filters( $args[0], $args ); array_pop( $wp_current_filter ); return $filtered; } /** * Checks if any filter has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The name of the filter hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_filter( $hook_name, $callback = false, $priority = false ) { global $wp_filter; if ( ! isset( $wp_filter[ $hook_name ] ) ) { return false; } return $wp_filter[ $hook_name ]->has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from a filter hook. * * This can be used to remove default functions attached to a specific filter * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * filter callback. Default 10. * @return bool Whether the function existed before it was removed. */ function remove_filter( $hook_name, $callback, $priority = 10 ) { global $wp_filter; $r = false; if ( isset( $wp_filter[ $hook_name ] ) ) { $r = $wp_filter[ $hook_name ]->remove_filter( $hook_name, $callback, $priority ); if ( ! $wp_filter[ $hook_name ]->callbacks ) { unset( $wp_filter[ $hook_name ] ); } } return $r; } /** * Removes all of the callback functions from a filter hook. * * @since 2.7.0 * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param string $hook_name The filter to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_filters( $hook_name, $priority = false ) { global $wp_filter; if ( isset( $wp_filter[ $hook_name ] ) ) { $wp_filter[ $hook_name ]->remove_all_filters( $priority ); if ( ! $wp_filter[ $hook_name ]->has_filters() ) { unset( $wp_filter[ $hook_name ] ); } } return true; } /** * Retrieves the name of the current filter hook. * * @since 2.5.0 * * @global string[] $wp_current_filter Stores the list of current filters with the current one last * * @return string|false Hook name of the current filter, false if no filter is running. */ function current_filter() { global $wp_current_filter; return end( $wp_current_filter ); } /** * Returns whether or not a filter hook is currently being processed. * * The function current_filter() only returns the most recent filter being executed. * did_filter() returns the number of times a filter has been applied during * the current request. * * This function allows detection for any filter currently being executed * (regardless of whether it's the most recent filter to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_filter() * @see did_filter() * @global string[] $wp_current_filter Current filter. * * @param string|null $hook_name Optional. Filter hook to check. Defaults to null, * which checks if any filter is currently being run. * @return bool Whether the filter is currently in the stack. */ function doing_filter( $hook_name = null ) { global $wp_current_filter; if ( null === $hook_name ) { return ! empty( $wp_current_filter ); } return in_array( $hook_name, $wp_current_filter, true ); } /** * Retrieves the number of times a filter has been applied during the current request. * * @since 6.1.0 * * @global int[] $wp_filters Stores the number of times each filter was triggered. * * @param string $hook_name The name of the filter hook. * @return int The number of times the filter hook has been applied. */ function did_filter( $hook_name ) { global $wp_filters; if ( ! isset( $wp_filters[ $hook_name ] ) ) { return 0; } return $wp_filters[ $hook_name ]; } /** * Adds a callback function to an action hook. * * Actions are the hooks that the WordPress core launches at specific points * during execution, or when specific events occur. Plugins can specify that * one or more of its PHP functions are executed at these points, using the * Action API. * * @since 1.2.0 * * @param string $hook_name The name of the action to add the callback to. * @param callable $callback The callback to be run when the action is called. * @param int $priority Optional. Used to specify the order in which the functions * associated with a particular action are executed. * Lower numbers correspond with earlier execution, * and functions with the same priority are executed * in the order in which they were added to the action. Default 10. * @param int $accepted_args Optional. The number of arguments the function accepts. Default 1. * @return true Always returns true. */ function add_action( $hook_name, $callback, $priority = 10, $accepted_args = 1 ) { return add_filter( $hook_name, $callback, $priority, $accepted_args ); } /** * Calls the callback functions that have been added to an action hook. * * This function invokes all functions attached to action hook `$hook_name`. * It is possible to create new action hooks by simply calling this function, * specifying the name of the new hook using the `$hook_name` parameter. * * You can pass extra arguments to the hooks, much like you can with `apply_filters()`. * * Example usage: * * // The action callback function. * function example_callback( $arg1, $arg2 ) { * // (maybe) do something with the args. * } * add_action( 'example_action', 'example_callback', 10, 2 ); * * /* * * Trigger the actions by calling the 'example_callback()' function * * that's hooked onto `example_action` above. * * * * - 'example_action' is the action hook. * * - $arg1 and $arg2 are the additional arguments passed to the callback. * do_action( 'example_action', $arg1, $arg2 ); * * @since 1.2.0 * @since 5.3.0 Formalized the existing and already documented `...$arg` parameter * by adding it to the function signature. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param mixed ...$arg Optional. Additional arguments which are passed on to the * functions hooked to the action. Default empty. */ function do_action( $hook_name, ...$arg ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } if ( empty( $arg ) ) { $arg[] = ''; } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } $wp_filter[ $hook_name ]->do_action( $arg ); array_pop( $wp_current_filter ); } /** * Calls the callback functions that have been added to an action hook, specifying arguments in an array. * * @since 2.1.0 * * @see do_action() This function is identical, but the arguments passed to the * functions hooked to `$hook_name` are supplied using an array. * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * @global int[] $wp_actions Stores the number of times each action was triggered. * @global string[] $wp_current_filter Stores the list of current filters with the current one last. * * @param string $hook_name The name of the action to be executed. * @param array $args The arguments supplied to the functions hooked to `$hook_name`. */ function do_action_ref_array( $hook_name, $args ) { global $wp_filter, $wp_actions, $wp_current_filter; if ( ! isset( $wp_actions[ $hook_name ] ) ) { $wp_actions[ $hook_name ] = 1; } else { ++$wp_actions[ $hook_name ]; } // Do 'all' actions first. if ( isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; $all_args = func_get_args(); // phpcs:ignore PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection _wp_call_all_hook( $all_args ); } if ( ! isset( $wp_filter[ $hook_name ] ) ) { if ( isset( $wp_filter['all'] ) ) { array_pop( $wp_current_filter ); } return; } if ( ! isset( $wp_filter['all'] ) ) { $wp_current_filter[] = $hook_name; } $wp_filter[ $hook_name ]->do_action( $args ); array_pop( $wp_current_filter ); } /** * Checks if any action has been registered for a hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 2.5.0 * @since 6.9.0 Added the `$priority` parameter. * * @see has_filter() This function is an alias of has_filter(). * * @param string $hook_name The name of the action hook. * @param callable|string|array|false $callback Optional. The callback to check for. * This function can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ function has_action( $hook_name, $callback = false, $priority = false ) { return has_filter( $hook_name, $callback, $priority ); } /** * Removes a callback function from an action hook. * * This can be used to remove default functions attached to a specific action * hook and possibly replace them with a substitute. * * To remove a hook, the `$callback` and `$priority` arguments must match * when the hook was added. This goes for both filters and actions. No warning * will be given on removal failure. * * @since 1.2.0 * * @param string $hook_name The action hook to which the function to be removed is hooked. * @param callable|string|array $callback The name of the function which should be removed. * This function can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority Optional. The exact priority used when adding the original * action callback. Default 10. * @return bool Whether the function is removed. */ function remove_action( $hook_name, $callback, $priority = 10 ) { return remove_filter( $hook_name, $callback, $priority ); } /** * Removes all of the callback functions from an action hook. * * @since 2.7.0 * * @param string $hook_name The action to remove callbacks from. * @param int|false $priority Optional. The priority number to remove them from. * Default false. * @return true Always returns true. */ function remove_all_actions( $hook_name, $priority = false ) { return remove_all_filters( $hook_name, $priority ); } /** * Retrieves the name of the current action hook. * * @since 3.9.0 * * @return string|false Hook name of the current action, false if no action is running. */ function current_action() { return current_filter(); } /** * Returns whether or not an action hook is currently being processed. * * The function current_action() only returns the most recent action being executed. * did_action() returns the number of times an action has been fired during * the current request. * * This function allows detection for any action currently being executed * (regardless of whether it's the most recent action to fire, in the case of * hooks called from hook callbacks) to be verified. * * @since 3.9.0 * * @see current_action() * @see did_action() * * @param string|null $hook_name Optional. Action hook to check. Defaults to null, * which checks if any action is currently being run. * @return bool Whether the action is currently in the stack. */ function doing_action( $hook_name = null ) { return doing_filter( $hook_name ); } /** * Retrieves the number of times an action has been fired during the current request. * * @since 2.1.0 * * @global int[] $wp_actions Stores the number of times each action was triggered. * * @param string $hook_name The name of the action hook. * @return int The number of times the action hook has been fired. */ function did_action( $hook_name ) { global $wp_actions; if ( ! isset( $wp_actions[ $hook_name ] ) ) { return 0; } return $wp_actions[ $hook_name ]; } /** * Fires functions attached to a deprecated filter hook. * * When a filter hook is deprecated, the apply_filters() call is replaced with * apply_filters_deprecated(), which triggers a deprecation notice and then fires * the original filter hook. * * Note: the value and extra arguments passed to the original apply_filters() call * must be passed here to `$args` as an array. For example: * * // Old filter. * return apply_filters( 'wpdocs_filter', $value, $extra_arg ); * * // Deprecated. * return apply_filters_deprecated( 'wpdocs_filter', array( $value, $extra_arg ), '4.9.0', 'wpdocs_new_filter' ); * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the filter hook. * @param array $args Array of additional function arguments to be passed to apply_filters(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. * @return mixed The filtered value after all hooked functions are applied to it. */ function apply_filters_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_filter( $hook_name ) ) { return $args[0]; } _deprecated_hook( $hook_name, $version, $replacement, $message ); return apply_filters_ref_array( $hook_name, $args ); } /** * Fires functions attached to a deprecated action hook. * * When an action hook is deprecated, the do_action() call is replaced with * do_action_deprecated(), which triggers a deprecation notice and then fires * the original hook. * * @since 4.6.0 * * @see _deprecated_hook() * * @param string $hook_name The name of the action hook. * @param array $args Array of additional function arguments to be passed to do_action(). * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty. * @param string $message Optional. A message regarding the change. Default empty. */ function do_action_deprecated( $hook_name, $args, $version, $replacement = '', $message = '' ) { if ( ! has_action( $hook_name ) ) { return; } _deprecated_hook( $hook_name, $version, $replacement, $message ); do_action_ref_array( $hook_name, $args ); } // // Functions for handling plugins. // /** * Gets the basename of a plugin. * * This method extracts the name of a plugin from its filename. * * @since 1.5.0 * * @global array $wp_plugin_paths * * @param string $file The filename of plugin. * @return string The name of a plugin. */ function plugin_basename( $file ) { global $wp_plugin_paths; // $wp_plugin_paths contains normalized paths. $file = wp_normalize_path( $file ); arsort( $wp_plugin_paths ); foreach ( $wp_plugin_paths as $dir => $realdir ) { if ( str_starts_with( $file, $realdir ) ) { $file = $dir . substr( $file, strlen( $realdir ) ); } } $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR ); // Get relative path from plugins directory. $file = preg_replace( '#^' . preg_quote( $plugin_dir, '#' ) . '/|^' . preg_quote( $mu_plugin_dir, '#' ) . '/#', '', $file ); $file = trim( $file, '/' ); return $file; } /** * Register a plugin's real path. * * This is used in plugin_basename() to resolve symlinked paths. * * @since 3.9.0 * * @see wp_normalize_path() * * @global array $wp_plugin_paths * * @param string $file Known path to the file. * @return bool Whether the path was able to be registered. */ function wp_register_plugin_realpath( $file ) { global $wp_plugin_paths; // Normalize, but store as static to avoid recalculation of a constant value. static $wp_plugin_path = null, $wpmu_plugin_path = null; if ( ! isset( $wp_plugin_path ) ) { $wp_plugin_path = wp_normalize_path( WP_PLUGIN_DIR ); $wpmu_plugin_path = wp_normalize_path( WPMU_PLUGIN_DIR ); } $plugin_path = wp_normalize_path( dirname( $file ) ); $plugin_realpath = wp_normalize_path( dirname( realpath( $file ) ) ); if ( $plugin_path === $wp_plugin_path || $plugin_path === $wpmu_plugin_path ) { return false; } if ( $plugin_path !== $plugin_realpath ) { $wp_plugin_paths[ $plugin_path ] = $plugin_realpath; } return true; } /** * Get the filesystem directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the filesystem path of the directory that contains the plugin. */ function plugin_dir_path( $file ) { return trailingslashit( dirname( $file ) ); } /** * Get the URL directory path (with trailing slash) for the plugin __FILE__ passed in. * * @since 2.8.0 * * @param string $file The filename of the plugin (__FILE__). * @return string the URL path of the directory that contains the plugin. */ function plugin_dir_url( $file ) { return trailingslashit( plugins_url( '', $file ) ); } /** * Set the activation hook for a plugin. * * When a plugin is activated, the action 'activate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'activate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'activate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'activate_PLUGIN' action. */ function register_activation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'activate_' . $file, $callback ); } /** * Sets the deactivation hook for a plugin. * * When a plugin is deactivated, the action 'deactivate_PLUGINNAME' hook is * called. In the name of this hook, PLUGINNAME is replaced with the name * of the plugin, including the optional subdirectory. For example, when the * plugin is located in wp-content/plugins/sampleplugin/sample.php, then * the name of this hook will become 'deactivate_sampleplugin/sample.php'. * * When the plugin consists of only one file and is (as by default) located at * wp-content/plugins/sample.php the name of this hook will be * 'deactivate_sample.php'. * * @since 2.0.0 * * @param string $file The filename of the plugin including the path. * @param callable $callback The function hooked to the 'deactivate_PLUGIN' action. */ function register_deactivation_hook( $file, $callback ) { $file = plugin_basename( $file ); add_action( 'deactivate_' . $file, $callback ); } /** * Sets the uninstallation hook for a plugin. * * Registers the uninstall hook that will be called when the user clicks on the * uninstall link that calls for the plugin to uninstall itself. The link won't * be active unless the plugin hooks into the action. * * The plugin should not run arbitrary code outside of functions, when * registering the uninstall hook. In order to run using the hook, the plugin * will have to be included, which means that any code laying outside of a * function will be run during the uninstallation process. The plugin should not * hinder the uninstallation process. * * If the plugin can not be written without running code within the plugin, then * the plugin should create a file named 'uninstall.php' in the base plugin * folder. This file will be called, if it exists, during the uninstallation process * bypassing the uninstall hook. The plugin, when using the 'uninstall.php' * should always check for the 'WP_UNINSTALL_PLUGIN' constant, before * executing. * * @since 2.7.0 * * @param string $file Plugin file. * @param callable $callback The callback to run when the hook is called. Must be * a static method or function. */ function register_uninstall_hook( $file, $callback ) { if ( is_array( $callback ) && is_object( $callback[0] ) ) { _doing_it_wrong( __FUNCTION__, __( 'Only a static class method or function can be used in an uninstall hook.' ), '3.1.0' ); return; } /* * The option should not be autoloaded, because it is not needed in most * cases. Emphasis should be put on using the 'uninstall.php' way of * uninstalling the plugin. */ $uninstallable_plugins = (array) get_option( 'uninstall_plugins' ); $plugin_basename = plugin_basename( $file ); if ( ! isset( $uninstallable_plugins[ $plugin_basename ] ) || $uninstallable_plugins[ $plugin_basename ] !== $callback ) { $uninstallable_plugins[ $plugin_basename ] = $callback; update_option( 'uninstall_plugins', $uninstallable_plugins ); } } /** * Calls the 'all' hook, which will process the functions hooked into it. * * The 'all' hook passes all of the arguments or parameters that were used for * the hook, which this function was called for. * * This function is used internally for apply_filters(), do_action(), and * do_action_ref_array() and is not meant to be used from outside those * functions. This function does not check for the existence of the all hook, so * it will fail unless the all hook exists prior to this function call. * * @since 2.5.0 * @access private * * @global WP_Hook[] $wp_filter Stores all of the filters and actions. * * @param array $args The collected parameters from the hook that was called. */ function _wp_call_all_hook( $args ) { global $wp_filter; $wp_filter['all']->do_all_hook( $args ); } /** * Builds a unique string ID for a hook callback function. * * Functions and static method callbacks are just returned as strings and * shouldn't have any speed penalty. * * @link https://core.trac.wordpress.org/ticket/3875 * * @since 2.2.3 * @since 5.3.0 Removed workarounds for spl_object_hash(). * `$hook_name` and `$priority` are no longer used, * and the function always returns a string. * * @access private * * @param string $hook_name Unused. The name of the filter to build ID for. * @param callable|string|array $callback The callback to generate ID for. The callback may * or may not exist. * @param int $priority Unused. The order in which the functions * associated with a particular action are executed. * @return string|null Unique function ID for usage as array key. * Null if a valid `$callback` is not passed. */ function _wp_filter_build_unique_id( $hook_name, $callback, $priority ) { if ( is_string( $callback ) ) { return $callback; } if ( is_object( $callback ) ) { // Closures are currently implemented as objects. $callback = array( $callback, '' ); } else { $callback = (array) $callback; } if ( is_object( $callback[0] ) ) { // Object class calling. return spl_object_hash( $callback[0] ) . $callback[1]; } elseif ( is_string( $callback[0] ) ) { // Static calling. return $callback[0] . '::' . $callback[1]; } return null; } HTTP/https-migration-20260605171026.php 0000666 00000011205 15226703613 0012560 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606194024-20260609150304.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-processor-20260605063225.php 0000666 00000210507 15226703613 0014274 0 ustar 00 <?php /** * Efficiently scan through block structure in document without parsing * the entire block tree and all of its JSON attributes into memory. * * @package WordPress * @subpackage Blocks * @since 6.9.0 */ /** * Class for efficiently scanning through block structure in a document * without parsing the entire block tree and JSON attributes into memory. * * ## Overview * * This class is designed to help analyze and modify block structure in a * streaming fashion and to bridge the gap between parsed block trees and * the text representing them. * * Use-cases for this class include but are not limited to: * * - Counting block types in a document. * - Queuing stylesheets based on the presence of various block types. * - Modifying blocks of a given type, i.e. migrations, updates, and styling. * - Searching for content of specific kinds, e.g. checking for blocks * with certain theme support attributes, or block bindings. * - Adding CSS class names to the element wrapping a block’s inner blocks. * * > *Note!* If a fully-parsed block tree of a document is necessary, including * > all the parsed JSON attributes, nested blocks, and HTML, consider * > using {@see \parse_blocks()} instead which will parse the document * > in one swift pass. * * For typical usage, jump first to the methods {@see self::next_block()}, * {@see self::next_delimiter()}, or {@see self::next_token()}. * * ### Values * * As a lower-level interface than {@see parse_blocks()} this class follows * different performance-focused values: * * - Minimize allocations so that documents of any size may be processed * on a fixed or marginal amount of memory. * - Make hidden costs explicit so that calling code only has to pay the * performance penalty for features it needs. * - Operate with a streaming and re-entrant design to make it possible * to operate on chunks of a document and to resume after pausing. * * This means that some operations might appear more cumbersome than one * might expect. This design tradeoff opens up opportunity to wrap this in * a convenience class to add higher-level functionality. * * ## Concepts * * All text documents can be considered a block document containing a combination * of “freeform HTML” and explicit block structure. Block structure forms through * special HTML comments called _delimiters_ which include a block type and, * optionally, block attributes encoded as a JSON object payload. * * This processor is designed to scan through a block document from delimiter to * delimiter, tracking how the delimiters impact the structure of the document. * Spans of HTML appear between delimiters. If these spans exist at the top level * of the document, meaning there is no containing block around them, they are * considered freeform HTML content. If, however, they appear _inside_ block * structure they are interpreted as `innerHTML` for the containing block. * * ### Tokens and scanning * * As the processor scans through a document is reports information about the token * on which is pauses. Tokens represent spans of text in the input comprising block * delimiters and spans of HTML. * * - {@see self::next_token()} visits every contiguous subspan of text in the * input document. This includes all explicit block comment delimiters and spans * of HTML content (whether freeform or inner HTML). * - {@see self::next_delimiter()} visits every explicit block comment delimiter * unless passed a block type which covers freeform HTML content. In these cases * it will stop at top-level spans of HTML and report a `null` block type. * - {@see self::next_block()} visits every block delimiter which _opens_ a block. * This includes opening block delimiters as well as void block delimiters. With * the same exception as above for freeform HTML block types, this will visit * top-level spans of HTML content. * * When matched on a particular token, the following methods provide structural * and textual information about it: * * - {@see self::get_delimiter_type()} reports whether the delimiter is an opener, * a closer, or if it represents a whole void block. * - {@see self::get_block_type()} reports the fully-qualified block type which * the delimiter represents. * - {@see self::get_printable_block_type()} reports the fully-qualified block type, * but returns `core/freeform` instead of `null` for top-level freeform HTML content. * - {@see self::is_block_type()} indicates if the delimiter represents a block of * the given block type, or wildcard or pseudo-block type described below. * - {@see self::opens_block()} indicates if the delimiter opens a block of one * of the provided block types. Opening, void, and top-level freeform HTML content * all open blocks. * - {@see static::get_attributes()} is currently reserved for a future streaming * JSON parser class. * - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes * for delimiters which open blocks and return the fully-parsed attributes as an * associative array. {@see static::get_last_json_error()} for when this fails. * - {@see self::is_html()} indicates if the token is a span of HTML which might * be top-level freeform content or a block’s inner HTML. * - {@see self::get_html_content()} returns the span of HTML. * - {@see self::get_span()} for the byte offset and length into the input document * representing the token. * * It’s possible for the processor to fail to scan forward if the input document ends * in a proper prefix of an explicit block comment delimiter. For example, if the input * ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser * cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()} * to distinguish between a failure to find the next token and an incomplete input. * * ### Block types * * A block’s “type” comprises an optional _namespace_ and _name_. If the namespace * isn’t provided it will be interpreted as the implicit `core` namespace. For example, * the type `gallery` is the name of the block in the `core` namespace, but the type * `abc/gallery` is the _fully-qualified_ block type for the block whose name is still * `gallery`, but in the `abc` namespace. * * Methods on this class are aware of this block naming semantic and anywhere a block * type is an argument to a method it will be normalized to account for implicit namespaces. * Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere * this class returns a block type, it will return the fully-qualified and normalized form. * For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the * block type. * * There are two special block types that change the behavior of the processor: * * - The wildcard `*` represents _any block_. In addition to matching all block types, * it also represents top-level freeform HTML whose block type is reported as `null`. * * - The `core/freeform` block type is a pseudo-block type which explicitly matches * top-level freeform HTML. * * These special block types can be passed into any method which searches for blocks. * * There is one additional special block type which may be returned from * {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which * indicates that the HTML span on which the processor is paused is inner HTML for * a containing block. * * ### Spans of HTML * * Non-block content plays a complicated role in processing block documents. This * processor exposes tools to help work with these spans of HTML. * * - {@see self::is_html()} indicates if the processor is paused at a span of * HTML but does not differentiate between top-level freeform content and inner HTML. * - {@see self::is_non_whitespace_html()} indicates not only if the processor * is paused at a span of HTML, but also whether that span incorporates more than * whitespace characters. Because block serialization often inserts newlines between * block comment delimiters, this is useful for distinguishing “real” freeform * content from purely aesthetic syntax. * - {@see self::is_block_type()} matches top-level freeform HTML content when * provided one of the special block types described above. * * ### Block structure * * As the processor traverses block delimiters it maintains a stack of which blocks are * open at the given place in the document where it’s paused. This stack represents the * block structure of a document and is used to determine where blocks end, which blocks * represent inner blocks, whether a span of HTML is top-level freeform content, and * more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an * array of block types starting at the outermost-open block and descending to the * currently-visited block. * * Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special * reported block type `#html`. Such a span represents inner HTML for a block if the * depth reported by {@see self::get_depth()} is greater than one. * * It will generally not be necessary to inspect the stack of open blocks, though * depth may be important for finding where blocks end. When visiting a block opener, * the depth will have been increased before pausing; in contrast the depth is * decremented before visiting a closer. This makes the following an easy way to * determine if a block is still open. * * Example: * * $depth = $processor->get_depth(); * while ( $processor->next_token() && $processor->get_depth() > $depth ) { * continue * } * // Processor is now paused at the token immediately following the closed block. * * #### Extracting blocks * * A unique feature of this processor is the ability to return the same output as * {@see \parse_blocks()} would produce, but for a subset of the input document. * For example, it’s possible to extract an image block, manipulate that parsed * block, and re-serialize it into the original document. It’s possible to do so * while skipping over the parse of the rest of the document. * * {@see self::extract_full_block_and_advance()} will scan forward from the current block opener * and build the parsed block structure until the current block is closed. It will * include all inner HTML and inner blocks, and parse all of the inner blocks. It * can be used to extract a block at any depth in the document, helpful for operating * on blocks within nested structure. * * Example: * * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery_block = $processor->extract_full_block_and_advance(); * $after_gallery = $processor->get_span()->start; * return ( * substr( $post_content, 0, $gallery_at ) . * serialize_block( modify_gallery( $gallery_block ) . * substr( $post_content, $after_gallery ) * ); * * #### Handling of malformed structure * * There are situations where closing block delimiters appear for which no open block * exists, or where a document ends before a block is closed, or where a closing block * delimiter appears but references a different block type than the most-recently * opened block does. In all of these cases, the stack of open blocks should mirror * the behavior in {@see \parse_blocks()}. * * Unlike {@see \parse_blocks()}, however, this processor can still operate on the * invalid block delimiters. It provides a few functions which can be used for building * custom and non-spec-compliant error handling. * * - {@see self::has_closing_flag()} indicates if the block delimiter contains the * closing flag at the end. Some invalid block delimiters might contain both the * void and closing flag, in which case {@see self::get_delimiter_type()} will * report that it’s a void block. * - {@see static::get_last_error()} indicates if the processor reached an invalid * block closing. Depending on the context, {@see \parse_blocks()} might instead * ignore the token or treat it as freeform HTML content. * * ## Static helpers * * This class provides helpers for performing semantic block-related operations. * * - {@see self::normalize_block_type()} takes a block type with or without the * implicit `core` namespace and returns a fully-qualified block type. * - {@see self::are_equal_block_types()} indicates if two spans across one or * more input texts represent the same fully-qualified block type. * * ## Subclassing * * This processor is designed to accurately parse a block document. Therefore, many * of its methods are not meant for subclassing. However, overall this class supports * building higher-level convenience classes which may choose to subclass it. For those * classes, avoid re-implementing methods except for the list below. Instead, create * new names representing the higher-level concepts being introduced. For example, instead * of creating a new method named `next_block()` which only advances to blocks of a given * kind, consider creating a new method named something like `next_layout_block()` which * won’t interfere with the base class method. * * - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass * which aren’t intrinsic to block parsing. * - {@see static::get_attributes()} may be reimplemented to provide a streaming interface * to reading and modifying a block’s JSON attributes. It should be fast and memory efficient. * - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced * with a reimplementation of {@see static::get_attributes()}. * * @since 6.9.0 */ class WP_Block_Processor { /** * Indicates if the last operation failed, otherwise * will be `null` for success. * * @since 6.9.0 * * @var string|null */ private $last_error = null; /** * Indicates failures from decoding JSON attributes. * * @since 6.9.0 * * @see \json_last_error() * * @var int */ private $last_json_error = JSON_ERROR_NONE; /** * Source text provided to processor. * * @since 6.9.0 * * @var string */ protected $source_text; /** * Byte offset into source text where a matched delimiter starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰─ Starts at byte offset 17. * * @since 6.9.0 * * @var int */ private $matched_delimiter_at = 0; /** * Byte length of full span of a matched delimiter. * * Example: * * 5 10 15 20 25 30 35 40 45 50 * <!-- wp:group --><!-- wp:void /--><!-- /wp:group --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $matched_delimiter_length = 0; /** * First byte offset into source text following any previously-matched delimiter. * Used to indicate where an HTML span starts. * * Example: * * 5 10 15 20 25 30 35 40 45 50 55 * <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨ * │ ╰─ This delimiter was matched, and after matching, * │ revealed the preceding HTML span. * │ * ╰─ The first byte offset after the previous matched delimiter * is 21. Because the matched delimiter starts at 55, which is after * this, a span of HTML must exist between these boundaries. * * @since 6.9.0 * * @var int */ private $after_previous_delimiter = 0; /** * Byte offset where namespace span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block name. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $namespace_at = 0; /** * Byte offset where block name span begins. * * When no namespace is present, this will be the same as the starting * byte offset for the block namespace. * * Example: * * <!-- wp:core/gallery --> * │ ╰─ Name starts here. * ╰─ Namespace starts here. * * <!-- wp:gallery --> * ├─ The namespace would start here but is implied as “core.” * ╰─ The name starts here. * * @since 6.9.0 * * @var int */ private $name_at = 0; /** * Byte length of block name span. * * Example: * * 5 10 15 20 25 * <!-- wp:core/gallery --> * ╰─────╯ * 7 bytes long. * * @since 6.9.0 * * @var int */ private $name_length = 0; /** * Whether the delimiter contains the block-closing flag. * * This may be erroneous if present within a void block, * therefore the {@see self::has_closing_flag()} can be used by * calling code to perform custom error-handling. * * @since 6.9.0 * * @var bool */ private $has_closing_flag = false; /** * Byte offset where JSON attributes span begins. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰─ Starts at byte offset 18. * * @since 6.9.0 * * @var int */ private $json_at; /** * Byte length of JSON attributes span, or 0 if none are present. * * Example: * * 5 10 15 20 25 30 35 40 * <!-- wp:paragraph {"dropCaps":true} --> * ╰───────────────╯ * 17 bytes long. * * @since 6.9.0 * * @var int */ private $json_length = 0; /** * Internal parser state, differentiating whether the instance is currently matched, * on an implicit freeform node, in error, or ready to begin parsing. * * @see self::READY * @see self::MATCHED * @see self::HTML_SPAN * @see self::INCOMPLETE_INPUT * @see self::COMPLETE * * @since 6.9.0 * * @var string */ protected $state = self::READY; /** * Indicates what kind of block comment delimiter was matched. * * One of: * * - {@see self::OPENER} If the delimiter is opening a block. * - {@see self::CLOSER} If the delimiter is closing an open block. * - {@see self::VOID} If the delimiter represents a void block with no inner content. * * If a parsed comment delimiter contains both the closing and the void * flags then it will be interpreted as a void block to match the behavior * of the official block parser, however, this is a syntax error and probably * the block ought to close an open block of the same name, if one is open. * * @since 6.9.0 * * @var string */ private $type; /** * Whether the last-matched delimiter acts like a void block and should be * popped from the stack of open blocks as soon as the parser advances. * * This applies to void block delimiters and to HTML spans. * * @since 6.9.0 * * @var bool */ private $was_void = false; /** * For every open block, in hierarchical order, this stores the byte offset * into the source text where the block type starts, including for HTML spans. * * To avoid allocating and normalizing block names when they aren’t requested, * the stack of open blocks is stored as the byte offsets and byte lengths of * each open block’s block type. This allows for minimal tracking and quick * reading or comparison of block types when requested. * * @since 6.9.0 * * @see self::$open_blocks_length * * @var int[] */ private $open_blocks_at = array(); /** * For every open block, in hierarchical order, this stores the byte length * of the block’s block type in the source text. For HTML spans this is 0. * * @since 6.9.0 * * @see self::$open_blocks_at * * @var int[] */ private $open_blocks_length = array(); /** * Indicates which operation should apply to the stack of open blocks after * processing any pending spans of HTML. * * Since HTML spans are discovered after matching block delimiters, those * delimiters need to defer modifying the stack of open blocks. This value, * if set, indicates what operation should be applied. The properties * associated with token boundaries still point to the delimiters even * when processing HTML spans, so there’s no need to track them independently. * * @var 'push'|'void'|'pop'|null */ private $next_stack_op = null; /** * Creates a new block processor. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( $processor->next_block( 'core/image' ) ) { * echo "Found an image!\n"; * } * * @see self::next_block() to advance to the start of the next block (skips closers). * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @since 6.9.0 * * @param string $source_text Input document potentially containing block content. */ public function __construct( string $source_text ) { $this->source_text = $source_text; } /** * Advance to the next block delimiter which opens a block, indicating if one was found. * * Delimiters which open blocks include opening and void block delimiters. To visit * freeform HTML content, pass the wildcard “*” as the block type. * * Use this function to walk through the blocks in a document, pausing where they open. * * Example blocks: * * // The first delimiter opens the paragraph block. * <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph--> * * // The void block is the first opener in this sequence of closers. * <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group --> * * // If, however, `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p> * * Example: * * // Find all textual ranges of image block opening delimiters. * $images = array(); * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( 'core/image' ) ) { * $images[] = $processor->get_span(); * } * * In some cases it may be useful to conditionally visit the implicit freeform * blocks, such as when determining if a post contains freeform content that * isn’t purely whitespace. * * Example: * * $seen_block_types = []; * $block_type = '*'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_block( $block_type ) { * // Stop wasting time visiting freeform blocks after one has been found. * if ( * '*' === $block_type && * null === $processor->get_block_type() && * $processor->is_non_whitespace_html() * ) { * $block_type = null; * $seen_block_types['core/freeform'] = true; * continue; * } * * $seen_block_types[ $processor->get_block_type() ] = true; * } * * @since 6.9.0 * * @see self::next_delimiter() to advance to the next explicit block delimiter. * @see self::next_token() to advance to the next block delimiter or HTML span. * * @param string|null $block_type Optional. If provided, advance until a block of this type is found. * Default is to stop at any block regardless of its type. * @return bool Whether an opening delimiter for a block was found. */ public function next_block( ?string $block_type = null ): bool { while ( $this->next_delimiter( $block_type ) ) { if ( self::CLOSER !== $this->get_delimiter_type() ) { return true; } } return false; } /** * Advance to the next block delimiter in a document, indicating if one was found. * * Delimiters may include invalid JSON. This parser does not attempt to parse the * JSON attributes until requested; when invalid, the attributes will be null. This * matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content, * pass the wildcard “*” as the block type. * * Use this function to walk through the block delimiters in a document. * * Example delimiters: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * * // If the wildcard `*` is provided as the block type, freeform content is matched. * <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /--> * * // Inner HTML is never freeform content, and will not be matched even with the wildcard. * ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p> * * Example: * * $html = '<!-- wp:void /-->\n<!-- wp:void /-->'; * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() { * // Runs twice, seeing both void blocks of type “core/void.” * } * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter( '*' ) ) { * // Runs thrice, seeing the void block, the newline span, and the void block. * } * * @since 6.9.0 * * @param string|null $block_name Optional. Keep searching until a block of this name is found. * Defaults to visit every block regardless of type. * @return bool Whether a block delimiter was matched. */ public function next_delimiter( ?string $block_name = null ): bool { if ( ! isset( $block_name ) ) { while ( $this->next_token() ) { if ( ! $this->is_html() ) { return true; } } return false; } while ( $this->next_token() ) { if ( $this->is_block_type( $block_name ) ) { return true; } } return false; } /** * Advance to the next block delimiter or HTML span in a document, indicating if one was found. * * This function steps through every syntactic chunk in a document. This includes explicit * block comment delimiters, freeform non-block content, and inner HTML segments. * * Example tokens: * * <!-- wp:paragraph {"dropCap": true} --> * <!-- wp:separator /--> * <!-- /wp:paragraph --> * <p>Normal HTML content</p> * Plaintext content too! * * Example: * * // Find span containing wrapping HTML element surrounding inner blocks. * $processor = new WP_Block_Processor( $html ); * if ( ! $processor->next_block( 'gallery' ) ) { * return null; * } * * $containing_span = null; * while ( $processor->next_token() && $processor->is_html() ) { * $containing_span = $processor->get_span(); * } * * This method will visit all HTML spans including those forming freeform non-block * content as well as those which are part of a block’s inner HTML. * * @since 6.9.0 * * @return bool Whether a token was matched or the end of the document was reached without finding any. */ public function next_token(): bool { if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return false; } // Void tokens automatically pop off the stack of open blocks. if ( $this->was_void ) { array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); $this->was_void = false; } $text = $this->source_text; $end = strlen( $text ); /* * Because HTML spans are inferred after finding the next delimiter, it means that * the parser must transition out of that HTML state and reuse the token boundaries * it found after the HTML span. If those boundaries are before the end of the * document it implies that a real delimiter was found; otherwise this must be the * terminating HTML span and the parsing is complete. */ if ( self::HTML_SPAN === $this->state ) { if ( $this->matched_delimiter_at >= $end ) { $this->state = self::COMPLETE; return false; } switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'push': $this->open_blocks_at[] = $this->namespace_at; $this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; $this->state = self::MATCHED; return true; } $this->state = self::READY; $after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length; $at = $after_prev_delimiter; while ( $at < $end ) { /* * Find the next possible start of a delimiter. * * This follows the behavior in the official block parser, which segments a post * by the block comment delimiters. It is possible for an HTML attribute to contain * what looks like a block comment delimiter but which is actually an HTML attribute * value. In such a case, the parser here will break apart the HTML and create the * block boundary inside the HTML attribute. In other words, the block parser * isolates sections of HTML from each other, even if that leads to malformed markup. * * For a more robust parse, scan through the document with the HTML API and parse * comments once they are matched to see if they are also block delimiters. In * practice, this nuance has not caused any known problems since developing blocks. * * <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /--> */ $comment_opening_at = strpos( $text, '<!--', $at ); /* * Even if the start of a potential block delimiter is not found, the document * might end in a prefix of such, and in that case there is incomplete input. */ if ( false === $comment_opening_at ) { if ( str_ends_with( $text, '<!-' ) ) { $backup = 3; } elseif ( str_ends_with( $text, '<!' ) ) { $backup = 2; } elseif ( str_ends_with( $text, '<' ) ) { $backup = 1; } else { $backup = 0; } // Whether or not there is a potential delimiter, there might be an HTML span. if ( $after_prev_delimiter < ( $end - $backup ) ) { $this->state = self::HTML_SPAN; $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $end - $backup; $this->matched_delimiter_length = $backup; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } /* * In the case that there is the start of an HTML comment, it means that there * might be a block delimiter, but it’s not possible know, therefore it’s incomplete. */ if ( $backup > 0 ) { goto incomplete; } // Otherwise this is the end. $this->state = self::COMPLETE; return false; } // <!-- ⃨/wp:core/paragraph {"dropCap":true} /--> $opening_whitespace_at = $comment_opening_at + 4; if ( $opening_whitespace_at >= $end ) { goto incomplete; } $opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at ); /* * The `wp` prefix cannot come before this point, but it may come after it * depending on the presence of the closer. This is detected next. */ $wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length; if ( $wp_prefix_at >= $end ) { goto incomplete; } if ( 0 === $opening_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /⃨wp:core/paragraph {"dropCap":true} /--> $has_closer = false; if ( '/' === $text[ $wp_prefix_at ] ) { $has_closer = true; ++$wp_prefix_at; } // <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /--> if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) { if ( ( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) || ( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) ) ) { goto incomplete; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * If the block contains no namespace, this will end up masquerading with * the block name. It’s easier to first detect the span and then determine * if it’s a namespace of a name. * * <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /--> */ $namespace_at = $wp_prefix_at + 3; if ( $namespace_at >= $end ) { goto incomplete; } $start_of_namespace = $text[ $namespace_at ]; // The namespace must start with a-z. if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 ); $separator_at = $namespace_at + $namespace_length; if ( $separator_at >= $end ) { goto incomplete; } // <!-- /wp:core/⃨paragraph {"dropCap":true} /--> $has_separator = '/' === $text[ $separator_at ]; if ( $has_separator ) { $name_at = $separator_at + 1; if ( $name_at >= $end ) { goto incomplete; } // <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /--> $start_of_name = $text[ $name_at ]; if ( 'a' > $start_of_name || 'z' < $start_of_name ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } $name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 ); } else { $name_at = $namespace_at; $name_length = $namespace_length; } if ( $name_at + $name_length >= $end ) { goto incomplete; } /* * For this next section of the delimiter, it could be the JSON attributes * or it could be the end of the comment. Assume that the JSON is there and * update if it’s not. */ // <!-- /wp:core/paragraph ⃨{"dropCap":true} /--> $after_name_whitespace_at = $name_at + $name_length; $after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at ); $json_at = $after_name_whitespace_at + $after_name_whitespace_length; if ( $json_at >= $end ) { goto incomplete; } if ( 0 === $after_name_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // <!-- /wp:core/paragraph {⃨"dropCap":true} /--> $has_json = '{' === $text[ $json_at ]; $json_length = 0; /* * For the final span of the delimiter it's most efficient to find the end of the * HTML comment and work backwards. This prevents complicated parsing inside the * JSON span, which is not allowed to contain the HTML comment terminator. * * This also matches the behavior in the official block parser, * even though it allows for matching invalid JSON content. * * <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨ */ $comment_closing_at = strpos( $text, '-->', $json_at ); if ( false === $comment_closing_at ) { goto incomplete; } // <!-- /wp:core/paragraph {"dropCap":true} /⃨--> if ( '/' === $text[ $comment_closing_at - 1 ] ) { $has_void_flag = true; $void_flag_length = 1; } else { $has_void_flag = false; $void_flag_length = 0; } /* * If there's no JSON, then the span of text after the name * until the comment closing must be completely whitespace. * Otherwise it’s a normal HTML comment. */ if ( ! $has_json ) { if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) { // This must be a block delimiter! $this->state = self::MATCHED; break; } $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } /* * There's JSON, so attempt to find its boundary. * * @todo It’s likely faster to scan forward instead of in reverse. * * <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/--> */ $after_json_whitespace_length = 0; for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) { $char = $text[ $char_at ]; switch ( $char ) { case ' ': case "\t": case "\f": case "\r": case "\n": ++$after_json_whitespace_length; continue 2; case '}': $json_length = $char_at - $json_at + 1; break 2; default: ++$at; continue 3; } } /* * This covers cases where there is no terminating “}” or where * mandatory whitespace is missing. */ if ( 0 === $json_length || 0 === $after_json_whitespace_length ) { $at = $this->find_html_comment_end( $comment_opening_at, $end ); continue; } // This must be a block delimiter! $this->state = self::MATCHED; break; } // The end of the document was reached without a match. if ( self::MATCHED !== $this->state ) { $this->state = self::COMPLETE; return false; } /* * From this point forward, a delimiter has been matched. There * might also be an HTML span that appears before the delimiter. */ $this->after_previous_delimiter = $after_prev_delimiter; $this->matched_delimiter_at = $comment_opening_at; $this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at; $this->namespace_at = $namespace_at; $this->name_at = $name_at; $this->name_length = $name_length; $this->json_at = $json_at; $this->json_length = $json_length; /* * When delimiters contain both the void flag and the closing flag * they shall be interpreted as void blocks, per the spec parser. */ if ( $has_void_flag ) { $this->type = self::VOID; $this->next_stack_op = 'void'; } elseif ( $has_closer ) { $this->type = self::CLOSER; $this->next_stack_op = 'pop'; /* * @todo Check if the name matches and bail according to the spec parser. * The default parser doesn’t examine the names. */ } else { $this->type = self::OPENER; $this->next_stack_op = 'push'; } $this->has_closing_flag = $has_closer; // HTML spans are visited before the delimiter that follows them. if ( $comment_opening_at > $after_prev_delimiter ) { $this->state = self::HTML_SPAN; $this->open_blocks_at[] = $after_prev_delimiter; $this->open_blocks_length[] = 0; $this->was_void = true; return true; } // If there were no HTML spans then flush the enqueued stack operations immediately. switch ( $this->next_stack_op ) { case 'void': $this->was_void = true; $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'push': $this->open_blocks_at[] = $namespace_at; $this->open_blocks_length[] = $name_at + $name_length - $namespace_at; break; case 'pop': array_pop( $this->open_blocks_at ); array_pop( $this->open_blocks_length ); break; } $this->next_stack_op = null; return true; incomplete: $this->state = self::COMPLETE; $this->last_error = self::INCOMPLETE_INPUT; return false; } /** * Returns an array containing the names of the currently-open blocks, in order * from outermost to innermost, with HTML spans indicated as “#html”. * * Example: * * // Freeform HTML content is an HTML span. * $processor = new WP_Block_Processor( 'Just text' ); * $processor->next_token(); * array( '#text' ) === $processor->get_breadcrumbs(); * * $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' ); * $processor->next_token(); * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Void blocks are only open while visiting them. * array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * // Blocks are closed before visiting their closing delimiter. * array( 'core/a' ) === $processor->get_breadcrumbs(); * $processor->next_token(); * array() === $processor->get_breadcrumbs(); * * // Inner HTML is also an HTML span. * $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' ); * $processor->next_token(); * $processor->next_token(); * array( 'core/a', '#html' ) === $processor->get_breadcrumbs(); * * @since 6.9.0 * * @return string[] */ public function get_breadcrumbs(): array { $breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null ); /* * Since HTML spans can only be at the very end, set the normalized block name for * each open element and then work backwards after creating the array. This allows * for the elimination of a conditional on each iteration of the loop. */ foreach ( $this->open_blocks_at as $i => $at ) { $block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] ); $breadcrumbs[ $i ] = self::normalize_block_type( $block_type ); } if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) { $breadcrumbs[ $i ] = '#html'; } return $breadcrumbs; } /** * Returns the depth of the open blocks where the processor is currently matched. * * Depth increases before visiting openers and void blocks and decreases before * visiting closers. HTML spans behave like void blocks. * * @since 6.9.0 * * @return int */ public function get_depth(): int { return count( $this->open_blocks_at ); } /** * Extracts a block object, and all inner content, starting at a matched opening * block delimiter, or at a matched top-level HTML span as freeform HTML content. * * Use this function to extract some blocks within a document, but not all. For example, * one might want to find image galleries, parse them, modify them, and then reserialize * them in place. * * Once this function returns, the parser will be matched on token following the close * of the given block. * * The return type of this method is compatible with the return of {@see \parse_blocks()}. * * Example: * * $processor = new WP_Block_Processor( $post_content ); * if ( ! $processor->next_block( 'gallery' ) ) { * return $post_content; * } * * $gallery_at = $processor->get_span()->start; * $gallery = $processor->extract_full_block_and_advance(); * $ends_before = $processor->get_span(); * $ends_before = $ends_before->start ?? strlen( $post_content ); * * $new_gallery = update_gallery( $gallery ); * $new_gallery = serialize_block( $new_gallery ); * * return ( * substr( $post_content, 0, $gallery_at ) . * $new_gallery . * substr( $post_content, $ends_before ) * ); * * @since 6.9.0 * * @return array[]|null { * Array of block structures. * * @type array ...$0 { * An associative array of a single parsed block object. See WP_Block_Parser_Block. * * @type string|null $blockName Name of block. * @type array $attrs Attributes from block comment delimiters. * @type array[] $innerBlocks List of inner blocks. An array of arrays that * have the same structure as this one. * @type string $innerHTML HTML from inside block comment delimiters. * @type array $innerContent List of string fragments and null markers where * inner blocks were found. * } * } */ public function extract_full_block_and_advance(): ?array { if ( $this->is_html() ) { $chunk = $this->get_html_content(); return array( 'blockName' => null, 'attrs' => array(), 'innerBlocks' => array(), 'innerHTML' => $chunk, 'innerContent' => array( $chunk ), ); } $block = array( 'blockName' => $this->get_block_type(), 'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(), 'innerBlocks' => array(), 'innerHTML' => '', 'innerContent' => array(), ); $depth = $this->get_depth(); while ( $this->next_token() && $this->get_depth() > $depth ) { if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; continue; } /** * Inner blocks. * * @todo This is a decent place to call {@link \render_block()} * @todo Use iteration instead of recursion, or at least refactor to tail-call form. */ if ( $this->opens_block() ) { $inner_block = $this->extract_full_block_and_advance(); $block['innerBlocks'][] = $inner_block; $block['innerContent'][] = null; } /* * Because the parser has advanced past the closing block token, it * may be matched on an HTML span. This needs to be processed before * moving on to the next token at the start of the next loop iteration. */ if ( $this->is_html() ) { $chunk = $this->get_html_content(); $block['innerHTML'] .= $chunk; $block['innerContent'][] = $chunk; } } return $block; } /** * Returns the byte-offset after the ending character of an HTML comment, * assuming the proper starting byte offset. * * @since 6.9.0 * * @param int $comment_starting_at Where the HTML comment started, the leading `<`. * @param int $search_end Last offset in which to search, for limiting search span. * @return int Offset after the current HTML comment ends, or `$search_end` if no end was found. */ private function find_html_comment_end( int $comment_starting_at, int $search_end ): int { $text = $this->source_text; // Find span-of-dashes comments which look like `<!----->`. $span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 ); if ( $comment_starting_at + 2 + $span_of_dashes < $search_end && '>' === $text[ $comment_starting_at + 2 + $span_of_dashes ] ) { return $comment_starting_at + $span_of_dashes + 1; } // Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`. $now_at = $comment_starting_at + 4; while ( $now_at < $search_end ) { $dashes_at = strpos( $text, '--', $now_at ); if ( false === $dashes_at ) { return $search_end; } $closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 ); if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) { ++$closer_must_be_at; } if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) { return $closer_must_be_at + 1; } ++$now_at; } return $search_end; } /** * Indicates if the last attempt to parse a block comment delimiter * failed, if set, otherwise `null` if the last attempt succeeded. * * @since 6.9.0 * * @return string|null Error from last attempt at parsing next block delimiter, * or `null` if last attempt succeeded. */ public function get_last_error(): ?string { return $this->last_error; } /** * Indicates if the last attempt to parse a block’s JSON attributes failed. * * @see \json_last_error() * * @since 6.9.0 * * @return int JSON_ERROR_ code from last attempt to parse block JSON attributes. */ public function get_last_json_error(): int { return $this->last_json_error; } /** * Returns the type of the block comment delimiter. * * One of: * * - {@see self::OPENER} * - {@see self::CLOSER} * - {@see self::VOID} * - `null` * * @since 6.9.0 * * @return string|null type of the block comment delimiter, if currently matched. */ public function get_delimiter_type(): ?string { switch ( $this->state ) { case self::HTML_SPAN: return self::VOID; case self::MATCHED: return $this->type; default: return null; } } /** * Returns whether the delimiter contains the closing flag. * * This should be avoided except in cases of custom error-handling * with block closers containing the void flag. For normative use, * {@see self::get_delimiter_type()}. * * @since 6.9.0 * * @return bool Whether the currently-matched block delimiter contains the closing flag. */ public function has_closing_flag(): bool { return $this->has_closing_flag; } /** * Indicates if the block delimiter represents a block of the given type. * * Since the “core” namespace may be implicit, it’s allowable to pass * either the fully-qualified block type with namespace and block name * as well as the shorthand version only containing the block name, if * the desired block is in the “core” namespace. * * Since freeform HTML content is non-block content, it has no block type. * Passing the wildcard “*” will, however, return true for all block types, * even the implicit freeform content, though not for spans of inner HTML. * * Example: * * $is_core_paragraph = $processor->is_block_type( 'paragraph' ); * $is_core_paragraph = $processor->is_block_type( 'core/paragraph' ); * $is_formula = $processor->is_block_type( 'math-block/formula' ); * * @param string $block_type Block type name for the desired block. * E.g. "paragraph", "core/paragraph", "math-blocks/formula". * @return bool Whether this delimiter represents a block of the given type. */ public function is_block_type( string $block_type ): bool { if ( '*' === $block_type ) { return true; } if ( $this->is_html() ) { // This is a core/freeform text block, it’s special. if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) { return ( 'core/freeform' === $block_type || 'freeform' === $block_type ); } // Otherwise this is innerHTML and not a block. return false; } return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) ); } /** * Given two spans of text, indicate if they represent identical block types. * * This function normalizes block types to account for implicit core namespacing. * * Note! This function only returns valid results when the complete block types are * represented in the span offsets and lengths. This means that the full optional * namespace and block name must be represented in the input arguments. * * Example: * * 0 5 10 15 20 25 30 35 40 * $text = '<!-- wp:block --><!-- /wp:core/block -->'; * * true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 ); * false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 ); * * @since 6.9.0 * * @param string $a_text Text in which first block type appears. * @param int $a_at Byte offset into text in which first block type starts. * @param int $a_length Byte length of first block type. * @param string $b_text Text in which second block type appears (may be the same as the first text). * @param int $b_at Byte offset into text in which second block type starts. * @param int $b_length Byte length of second block type. * @return bool Whether the spans of text represent identical block types, normalized for namespacing. */ public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool { $a_ns_length = strcspn( $a_text, '/', $a_at, $a_length ); $b_ns_length = strcspn( $b_text, '/', $b_at, $b_length ); $a_has_ns = $a_ns_length !== $a_length; $b_has_ns = $b_ns_length !== $b_length; // Both contain namespaces. if ( $a_has_ns && $b_has_ns ) { if ( $a_length !== $b_length ) { return false; } $a_block_type = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ); } if ( $a_has_ns ) { $b_block_type = 'core/' . substr( $b_text, $b_at, $b_length ); return ( strlen( $b_block_type ) === $a_length && 0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length ) ); } if ( $b_has_ns ) { $a_block_type = 'core/' . substr( $a_text, $a_at, $a_length ); return ( strlen( $a_block_type ) === $b_length && 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length ) ); } // Neither contains a namespace. if ( $a_length !== $b_length ) { return false; } $a_name = substr( $a_text, $a_at, $a_length ); return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length ); } /** * Indicates if the matched delimiter is an opening or void delimiter of the given type, * if a type is provided, otherwise if it opens any block or implicit freeform HTML content. * * This is a helper method to ease handling of code inspecting where blocks start, and for * checking if the blocks are of a given type. The function is variadic to allow for * checking if the delimiter opens one of many possible block types. * * To advance to the start of a block {@see self::next_block()}. * * Example: * * $processor = new WP_Block_Processor( $html ); * while ( $processor->next_delimiter() ) { * if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) { * echo "Found code!"; * continue; * } * * if ( $processor->opens_block( 'core/image' ) ) { * echo "Found an image!"; * continue; * } * * if ( $processor->opens_block() ) { * echo "Found a new block!"; * } * } * * @since 6.9.0 * * @see self::is_block_type() * * @param string[] $block_type Optional. Is the matched block type one of these? * If none are provided, will not test block type. * @return bool Whether the matched block delimiter opens a block, and whether it * opens a block of one of the given block types, if provided. */ public function opens_block( string ...$block_type ): bool { // HTML spans only open implicit freeform content at the top level. if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) { return false; } /* * Because HTML spans are discovered after the next delimiter is found, * the delimiter type when visiting HTML spans refers to the type of the * following delimiter. Therefore the HTML case is handled by checking * the state and depth of the stack of open block. */ if ( self::CLOSER === $this->type && ! $this->is_html() ) { return false; } if ( count( $block_type ) === 0 ) { return true; } foreach ( $block_type as $block ) { if ( $this->is_block_type( $block ) ) { return true; } } return false; } /** * Indicates if the matched delimiter is an HTML span. * * @since 6.9.0 * * @see self::is_non_whitespace_html() * * @return bool Whether the processor is matched on an HTML span. */ public function is_html(): bool { return self::HTML_SPAN === $this->state; } /** * Indicates if the matched delimiter is an HTML span and comprises more * than whitespace characters, i.e. contains real content. * * Many block serializers introduce newlines between block delimiters, * so the presence of top-level non-block content does not imply that * there are “real” freeform HTML blocks. Checking if there is content * beyond whitespace is a more certain check, such as for determining * whether to load CSS for the freeform or fallback block type. * * @since 6.9.0 * * @see self::is_html() * * @return bool Whether the currently-matched delimiter is an HTML * span containing non-whitespace text. */ public function is_non_whitespace_html(): bool { if ( ! $this->is_html() ) { return false; } $length = $this->matched_delimiter_at - $this->after_previous_delimiter; $whitespace_length = strspn( $this->source_text, " \t\f\r\n", $this->after_previous_delimiter, $length ); return $whitespace_length !== $length; } /** * Returns the string content of a matched HTML span, or `null` otherwise. * * @since 6.9.0 * * @return string|null Raw HTML content, or `null` if not currently matched on HTML. */ public function get_html_content(): ?string { if ( ! $this->is_html() ) { return null; } return substr( $this->source_text, $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); } /** * Allocates a substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter, otherwise `null`. * * This function is like {@see self::get_printable_block_type()} but when * paused on a freeform HTML block, will return `null` instead of “core/freeform”. * The `null` behavior matches what {@see \parse_blocks()} returns but may not * be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content has no block type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * null === $processor->get_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter, otherwise `null`. */ public function get_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return null; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Allocates a printable substring for the block type and returns the fully-qualified * name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`. * * This function is like {@see self::get_block_type()} but when paused on a freeform * HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches * what {@see \parse_blocks()} returns but may not be as useful as having a string value. * * This function allocates a substring for the given block type. This * allocation will be small and likely fine in most cases, but it's * preferable to call {@see self::is_block_type()} if only needing * to know whether the delimiter is for a given block type, as that * function is more efficient for this purpose and avoids the allocation. * * Example: * * // Avoid. * 'core/paragraph' = $processor->get_printable_block_type(); * * // Prefer. * $processor->is_block_type( 'core/paragraph' ); * $processor->is_block_type( 'paragraph' ); * $processor->is_block_type( 'core/freeform' ); * * // Freeform HTML content is given an implicit type. * $processor = new WP_Block_Processor( 'non-block content' ); * $processor->next_token(); * 'core/freeform' === $processor->get_printable_block_type(); * * @since 6.9.0 * * @see self::are_equal_block_types() * * @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph", * if matched on an explicit delimiter or freeform block, otherwise `null`. */ public function get_printable_block_type(): ?string { if ( self::READY === $this->state || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) { return null; } // This is a core/freeform text block, it’s special. if ( $this->is_html() ) { return 1 === count( $this->open_blocks_at ) ? 'core/freeform' : '#innerHTML'; } $block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length ); return self::normalize_block_type( $block_type ); } /** * Normalizes a block name to ensure that missing implicit “core” namespaces are present. * * Example: * * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' ); * 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' ); * 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' ); * * @since 6.9.0 * * @param string $block_type Valid block name, potentially without a namespace. * @return string Fully-qualified block type including namespace. */ public static function normalize_block_type( string $block_type ): string { return false === strpos( $block_type, '/' ) ? "core/{$block_type}" : $block_type; } /** * Returns a lazy wrapper around the block attributes, which can be used * for efficiently interacting with the JSON attributes. * * This stub hints that there should be a lazy interface for parsing * block attributes but doesn’t define it. It serves both as a placeholder * for one to come as well as a guard against implementing an eager * function in its place. * * @throws Exception This function is a stub for subclasses to implement * when providing streaming attribute parsing. * * @since 6.9.0 * * @see self::allocate_and_return_parsed_attributes() * * @return never */ public function get_attributes() { throw new Exception( 'Lazy attribute parsing not yet supported' ); } /** * Attempts to parse and return the entire JSON attributes from the delimiter, * allocating memory and processing the JSON span in the process. * * This does not return any parsed attributes for a closing block delimiter * even if there is a span of JSON content; this JSON is a parsing error. * * Consider calling {@see static::get_attributes()} instead if it's not * necessary to read all the attributes at the same time, as that provides * a more efficient mechanism for typical use cases. * * Since the JSON span inside the comment delimiter may not be valid JSON, * this function will return `null` if it cannot parse the span and set the * {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant. * * If the delimiter contains no JSON span, it will also return `null`, * but the last error will be set to {@see \JSON_ERROR_NONE}. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes(); * $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' ); * * $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_NONE = $processor->get_last_json_error(); * * $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' ); * $processor->next_delimiter(); * array() === $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:separator /-->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * * $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' ); * $processor->next_delimiter(); * null = $processor->allocate_and_return_parsed_attributes(); * JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error(); * * @since 6.9.0 * * @return array|null Parsed JSON attributes, if present and valid, otherwise `null`. */ public function allocate_and_return_parsed_attributes(): ?array { $this->last_json_error = JSON_ERROR_NONE; if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) { return null; } $json_span = substr( $this->source_text, $this->json_at, $this->json_length ); $parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE ); $last_error = json_last_error(); $this->last_json_error = $last_error; return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) ) ? $parsed : null; } /** * Returns the span representing the currently-matched delimiter, if matched, otherwise `null`. * * Example: * * $processor = new WP_Block_Processor( '<!-- wp:void /-->' ); * null === $processor->get_span(); * * $processor->next_delimiter(); * WP_HTML_Span( 0, 17 ) === $processor->get_span(); * * @since 6.9.0 * * @return WP_HTML_Span|null Span of text in source text spanning matched delimiter. */ public function get_span(): ?WP_HTML_Span { switch ( $this->state ) { case self::HTML_SPAN: return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter ); case self::MATCHED: return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length ); default: return null; } } // // Constant declarations that would otherwise pollute the top of the class. // /** * Indicates that the block comment delimiter closes an open block. * * @see self::$type * * @since 6.9.0 */ const CLOSER = 'closer'; /** * Indicates that the block comment delimiter opens a block. * * @see self::$type * * @since 6.9.0 */ const OPENER = 'opener'; /** * Indicates that the block comment delimiter represents a void block * with no inner content of any kind. * * @see self::$type * * @since 6.9.0 */ const VOID = 'void'; /** * Indicates that the processor is ready to start parsing but hasn’t yet begun. * * @see self::$state * * @since 6.9.0 */ const READY = 'processor-ready'; /** * Indicates that the processor is matched on an explicit block delimiter. * * @see self::$state * * @since 6.9.0 */ const MATCHED = 'processor-matched'; /** * Indicates that the processor is matched on the opening of an implicit freeform delimiter. * * @see self::$state * * @since 6.9.0 */ const HTML_SPAN = 'processor-html-span'; /** * Indicates that the parser started parsing a block comment delimiter, but * the input document ended before it could finish. The document was likely truncated. * * @see self::$state * * @since 6.9.0 */ const INCOMPLETE_INPUT = 'incomplete-input'; /** * Indicates that the processor has finished parsing and has nothing left to scan. * * @see self::$state * * @since 6.9.0 */ const COMPLETE = 'processor-complete'; } HTTP/https-migration-20260605111705.php 0000666 00000011205 15226703613 0012556 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-block-parser-20260605082621.php 0000666 00000026374 15226703613 0013561 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser * * Parses a document and constructs a list of parsed block objects * * @since 5.0.0 * @since 4.0.0 returns arrays not objects, all attributes are arrays */ class WP_Block_Parser { /** * Input document being parsed * * @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->" * * @since 5.0.0 * @var string */ public $document; /** * Tracks parsing progress through document * * @since 5.0.0 * @var int */ public $offset; /** * List of parsed blocks * * @since 5.0.0 * @var array[] */ public $output; /** * Stack of partially-parsed structures in memory during parse * * @since 5.0.0 * @var WP_Block_Parser_Frame[] */ public $stack; /** * Parses a document and returns a list of block structures * * When encountering an invalid parse will return a best-effort * parse. In contrast to the specification parser this does not * return an error on invalid inputs. * * @since 5.0.0 * * @param string $document Input document being parsed. * @return array[] */ public function parse( $document ) { $this->document = $document; $this->offset = 0; $this->output = array(); $this->stack = array(); while ( $this->proceed() ) { continue; } return $this->output; } /** * Processes the next token from the input document * and returns whether to proceed eating more tokens * * This is the "next step" function that essentially * takes a token as its input and decides what to do * with that token before descending deeper into a * nested block tree or continuing along the document * or breaking out of a level of nesting. * * @internal * @since 5.0.0 * @return bool */ public function proceed() { $next_token = $this->next_token(); list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token; $stack_depth = count( $this->stack ); // we may have some HTML soup before the next block. $leading_html_start = $start_offset > $this->offset ? $this->offset : null; switch ( $token_type ) { case 'no-more-tokens': // if not in a block then flush output. if ( 0 === $stack_depth ) { $this->add_freeform(); return false; } /* * Otherwise we have a problem * This is an error * * we have options * - treat it all as freeform text * - assume an implicit closer (easiest when not nesting) */ // for the easy case we'll assume an implicit closer. if ( 1 === $stack_depth ) { $this->add_block_from_stack(); return false; } /* * for the nested case where it's more difficult we'll * have to assume that multiple closers are missing * and so we'll collapse the whole stack piecewise */ while ( 0 < count( $this->stack ) ) { $this->add_block_from_stack(); } return false; case 'void-block': /* * easy case is if we stumbled upon a void block * in the top-level of the document */ if ( 0 === $stack_depth ) { if ( isset( $leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $leading_html_start, $start_offset - $leading_html_start ) ); } $this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ); $this->offset = $start_offset + $token_length; return true; } // otherwise we found an inner block. $this->add_inner_block( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length ); $this->offset = $start_offset + $token_length; return true; case 'block-opener': // track all newly-opened blocks on the stack. array_push( $this->stack, new WP_Block_Parser_Frame( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length, $start_offset + $token_length, $leading_html_start ) ); $this->offset = $start_offset + $token_length; return true; case 'block-closer': /* * if we're missing an opener we're in trouble * This is an error */ if ( 0 === $stack_depth ) { /* * we have options * - assume an implicit opener * - assume _this_ is the opener * - give up and close out the document */ $this->add_freeform(); return false; } // if we're not nesting then this is easy - close the block. if ( 1 === $stack_depth ) { $this->add_block_from_stack( $start_offset ); $this->offset = $start_offset + $token_length; return true; } /* * otherwise we're nested and we have to close out the current * block and add it as a new innerBlock to the parent */ $stack_top = array_pop( $this->stack ); $html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset ); $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; $stack_top->prev_offset = $start_offset + $token_length; $this->add_inner_block( $stack_top->block, $stack_top->token_start, $stack_top->token_length, $start_offset + $token_length ); $this->offset = $start_offset + $token_length; return true; default: // This is an error. $this->add_freeform(); return false; } } /** * Scans the document from where we last left off * and finds the next valid token to parse if it exists * * Returns the type of the find: kind of find, block information, attributes * * @internal * @since 5.0.0 * @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments * @return array */ public function next_token() { $matches = null; /* * aye the magic * we're using a single RegExp to tokenize the block comment delimiters * we're also using a trick here because the only difference between a * block opener and a block closer is the leading `/` before `wp:` (and * a closer has no attributes). we can trap them both and process the * match back in PHP to see which one it was. */ $has_match = preg_match( '/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s', $this->document, $matches, PREG_OFFSET_CAPTURE, $this->offset ); // if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE. if ( false === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } // we have no more tokens. if ( 0 === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } list( $match, $started_at ) = $matches[0]; $length = strlen( $match ); $is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1]; $is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1]; $namespace = $matches['namespace']; $namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/'; $name = $namespace . $matches['name'][0]; $has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1]; /* * Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays * are associative arrays. If we use `array()` we get a JSON `[]` */ $attrs = $has_attrs ? json_decode( $matches['attrs'][0], /* as-associative */ true ) : array(); /* * This state isn't allowed * This is an error */ if ( $is_closer && ( $is_void || $has_attrs ) ) { // we can ignore them since they don't hurt anything. } if ( $is_void ) { return array( 'void-block', $name, $attrs, $started_at, $length ); } if ( $is_closer ) { return array( 'block-closer', $name, null, $started_at, $length ); } return array( 'block-opener', $name, $attrs, $started_at, $length ); } /** * Returns a new block object for freeform HTML * * @internal * @since 5.0.0 * * @param string $inner_html HTML content of block. * @return WP_Block_Parser_Block freeform block object. */ public function freeform( $inner_html ) { return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) ); } /** * Pushes a length of text from the input document * to the output list as a freeform block. * * @internal * @since 5.0.0 * @param null $length how many bytes of document text to output. */ public function add_freeform( $length = null ) { $length = $length ? $length : strlen( $this->document ) - $this->offset; if ( 0 === $length ) { return; } $this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) ); } /** * Given a block structure from memory pushes * a new block to the output list. * * @internal * @since 5.0.0 * @param WP_Block_Parser_Block $block The block to add to the output. * @param int $token_start Byte offset into the document where the first token for the block starts. * @param int $token_length Byte length of entire block from start of opening token to end of closing token. * @param int|null $last_offset Last byte offset into document if continuing form earlier output. */ public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) { $parent = $this->stack[ count( $this->stack ) - 1 ]; $parent->block->innerBlocks[] = (array) $block; $html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset ); if ( ! empty( $html ) ) { $parent->block->innerHTML .= $html; $parent->block->innerContent[] = $html; } $parent->block->innerContent[] = null; $parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length; } /** * Pushes the top block from the parsing stack to the output list. * * @internal * @since 5.0.0 * @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML. */ public function add_block_from_stack( $end_offset = null ) { $stack_top = array_pop( $this->stack ); $prev_offset = $stack_top->prev_offset; $html = isset( $end_offset ) ? substr( $this->document, $prev_offset, $end_offset - $prev_offset ) : substr( $this->document, $prev_offset ); if ( ! empty( $html ) ) { $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; } if ( isset( $stack_top->leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $stack_top->leading_html_start, $stack_top->token_start - $stack_top->leading_html_start ) ); } $this->output[] = (array) $stack_top->block; } } /** * WP_Block_Parser_Block class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-block.php'; /** * WP_Block_Parser_Frame class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-frame.php'; HTTP/https-migration-20260606032426-20260607110013.php 0000666 00000011205 15226703613 0014133 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605225728-20260606155712.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605125244.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605171850-20260606125102.php 0000666 00000011205 15226703613 0014143 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605124943-20260610034651.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605133803-20260610145658.php 0000666 00000013341 15226703613 0014144 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-detection-20260605201111.php 0000666 00000013341 15226703613 0012535 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606070836-20260608001535.php 0000666 00000011205 15226703613 0014153 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170226-20260608132328.php 0000666 00000011205 15226703613 0014151 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606032217.php 0000666 00000011205 15226703613 0012557 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260606022324.php 0000666 00000011205 15226703613 0012555 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/http-20260605053349.php 0000666 00000062426 15226703613 0010430 0 ustar 00 <?php /** * Core HTTP Request API * * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations. * * @package WordPress * @subpackage HTTP */ /** * Returns the initialized WP_Http Object * * @since 2.7.0 * @access private * * @return WP_Http HTTP Transport object. */ function _wp_http_get_object() { static $http = null; if ( is_null( $http ) ) { $http = new WP_Http(); } return $http; } /** * Retrieves the raw response from a safe HTTP request. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_request( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the GET method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_get( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the POST method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_post( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieves the raw response from a safe HTTP request using the HEAD method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() * to avoid Server Side Request Forgery attacks (SSRF). * * The only supported protocols are `http` and `https`. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * @see wp_http_validate_url() For more information about how the URL is validated. * * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_safe_remote_head( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Performs an HTTP request and returns its response. * * There are other API functions available which abstract away the HTTP method: * * - Default 'GET' for wp_remote_get() * - Default 'POST' for wp_remote_post() * - Default 'HEAD' for wp_remote_head() * * Important: If the URL is user-controlled, use `wp_safe_remote_request()` instead. * * @since 2.7.0 * * @see WP_Http::request() For information on default arguments. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response array or a WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_request( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Performs an HTTP request using the GET method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_get()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_get( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Performs an HTTP request using the POST method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_post()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_post( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Performs an HTTP request using the HEAD method and returns its response. * * Important: If the URL is user-controlled, use `wp_safe_remote_head()` instead. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * See WP_Http::request() for information on accepted arguments. * @return array|WP_Error The response or WP_Error on failure. * See WP_Http::request() for information on return value. */ function wp_remote_head( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieves only the headers from the raw response. * * @since 2.7.0 * @since 4.6.0 Return value changed from an array to an WpOrg\Requests\Utility\CaseInsensitiveDictionary instance. * * @see \WpOrg\Requests\Utility\CaseInsensitiveDictionary * * @param array|WP_Error $response HTTP response. * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary|array The headers of the response, or empty array * if incorrect parameter given. */ function wp_remote_retrieve_headers( $response ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return array(); } return $response['headers']; } /** * Retrieves a single header by name from the raw response. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @param string $header Header name to retrieve value from. * @return array|string The header(s) value(s). Array if multiple headers with the same name are retrieved. * Empty string if incorrect parameter given, or if the header doesn't exist. */ function wp_remote_retrieve_header( $response, $header ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return ''; } if ( isset( $response['headers'][ $header ] ) ) { return $response['headers'][ $header ]; } return ''; } /** * Retrieves only the response code from the raw response. * * Will return an empty string if incorrect parameter value is given. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return int|string The response code as an integer. Empty string if incorrect parameter given. */ function wp_remote_retrieve_response_code( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['code']; } /** * Retrieves only the response message from the raw response. * * Will return an empty string if incorrect parameter value is given. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return string The response message. Empty string if incorrect parameter given. */ function wp_remote_retrieve_response_message( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['message']; } /** * Retrieves only the body from the raw response. * * @since 2.7.0 * * @param array|WP_Error $response HTTP response. * @return string The body of the response. Empty string if no body or incorrect parameter given. */ function wp_remote_retrieve_body( $response ) { if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) { return ''; } return $response['body']; } /** * Retrieves only the cookies from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @return WP_Http_Cookie[] An array of `WP_Http_Cookie` objects from the response. * Empty array if there are none, or the response is a WP_Error. */ function wp_remote_retrieve_cookies( $response ) { if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) { return array(); } return $response['cookies']; } /** * Retrieves a single cookie by name from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return WP_Http_Cookie|string The `WP_Http_Cookie` object, or empty string * if the cookie is not present in the response. */ function wp_remote_retrieve_cookie( $response, $name ) { $cookies = wp_remote_retrieve_cookies( $response ); if ( empty( $cookies ) ) { return ''; } foreach ( $cookies as $cookie ) { if ( $cookie->name === $name ) { return $cookie; } } return ''; } /** * Retrieves a single cookie's value by name from the raw response. * * @since 4.4.0 * * @param array|WP_Error $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return string The value of the cookie, or empty string * if the cookie is not present in the response. */ function wp_remote_retrieve_cookie_value( $response, $name ) { $cookie = wp_remote_retrieve_cookie( $response, $name ); if ( ! ( $cookie instanceof WP_Http_Cookie ) ) { return ''; } return $cookie->value; } /** * Determines if there is an HTTP Transport that can process this request. * * @since 3.2.0 * * @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array. * @param string $url Optional. If given, will check if the URL requires SSL and adds * that requirement to the capabilities array. * * @return bool */ function wp_http_supports( $capabilities = array(), $url = null ) { $capabilities = wp_parse_args( $capabilities ); $count = count( $capabilities ); // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array. if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) === $count ) { $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) ); } if ( $url && ! isset( $capabilities['ssl'] ) ) { $scheme = parse_url( $url, PHP_URL_SCHEME ); if ( 'https' === $scheme || 'ssl' === $scheme ) { $capabilities['ssl'] = true; } } return WpOrg\Requests\Requests::has_capabilities( $capabilities ); } /** * Gets the HTTP Origin of the current request. * * @since 3.4.0 * * @return string URL of the origin. Empty string if no origin. */ function get_http_origin() { $origin = ''; if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) { $origin = $_SERVER['HTTP_ORIGIN']; } /** * Changes the origin of an HTTP request. * * @since 3.4.0 * * @param string $origin The HTTP origin for the request. */ return apply_filters( 'http_origin', $origin ); } /** * Retrieves list of allowed HTTP origins. * * @since 3.4.0 * * @return string[] Array of origin URLs. */ function get_allowed_http_origins() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); // @todo Preserve port? $allowed_origins = array_unique( array( 'http://' . $admin_origin['host'], 'https://' . $admin_origin['host'], 'http://' . $home_origin['host'], 'https://' . $home_origin['host'], ) ); /** * Changes the origin types allowed for HTTP requests. * * @since 3.4.0 * * @param string[] $allowed_origins Array of allowed HTTP origins. */ return apply_filters( 'allowed_http_origins', $allowed_origins ); } /** * Determines if the HTTP origin is an authorized one. * * @since 3.4.0 * * @param string|null $origin Origin URL. If not provided, the value of get_http_origin() is used. * @return string Origin URL if allowed, empty string if not. */ function is_allowed_http_origin( $origin = null ) { $origin_arg = $origin; if ( null === $origin ) { $origin = get_http_origin(); } if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) { $origin = ''; } /** * Changes the allowed HTTP origin result. * * @since 3.4.0 * * @param string $origin Origin URL if allowed, empty string if not. * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. */ return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); } /** * Sends Access-Control-Allow-Origin and related headers if the current request * is from an allowed origin. * * If the request is an OPTIONS request, the script exits with either access * control headers sent, or a 403 response if the origin is not allowed. For * other request methods, you will receive a return value. * * @since 3.4.0 * * @return string|false Returns the origin URL if headers are sent. Returns false * if headers are not sent. */ function send_origin_headers() { $origin = get_http_origin(); if ( is_allowed_http_origin( $origin ) ) { header( 'Access-Control-Allow-Origin: ' . $origin ); header( 'Access-Control-Allow-Credentials: true' ); if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { exit; } return $origin; } if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { status_header( 403 ); exit; } return false; } /** * Validates a URL as safe for use in the HTTP API. * * The only supported protocols are `http` and `https`. * * Examples of URLs that are considered unsafe: * * - `ftp://example.com/caniload.php` - Invalid protocol - only http and https are allowed. * - `http:///example.com/caniload.php` - Malformed URL. * - `http://user:pass@example.com/caniload.php` - Login information. * - `http://example.invalid/caniload.php` - Invalid hostname, as the IP cannot be looked up in DNS. * * Examples of URLs that are considered unsafe by default but can be allowed with filters: * * - `http://192.168.0.1/caniload.php` - IP address from LAN network. * This can be changed with the {@see 'http_request_host_is_external'} filter. * - `http://198.143.164.252:81/caniload.php` - By default, only ports 80, 443, and 8080 are allowed. * This can be changed with the {@see 'http_allowed_safe_ports'} filter. * * @since 3.5.2 * * @param string $url Request URL. * @return string|false Returns false if the URL is not safe, or the original URL if it is safe. */ function wp_http_validate_url( $url ) { if ( ! is_string( $url ) || '' === $url || is_numeric( $url ) ) { return false; } $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) { return false; } $parsed_home = parse_url( get_option( 'home' ) ); $same_host = isset( $parsed_home['host'] ) && strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); $host = trim( $parsed_url['host'], '.' ); if ( ! $same_host ) { if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { // Error condition for gethostbyname(). return false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { // If host appears local, reject unless specifically allowed. /** * Checks if HTTP request is external or not. * * Allows to change and allow external requests for the HTTP request. * * @since 3.6.0 * * @param bool $external Whether HTTP request is external or not. * @param string $host Host name of the requested URL. * @param string $url Requested URL. */ if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; /** * Controls the list of ports considered safe in HTTP API. * * Allows to change and allow external requests for the HTTP request. * * @since 5.9.0 * * @param int[] $allowed_ports Array of integers for valid ports. Default allowed ports * are 80, 443, and 8080. * @param string $host Host name of the requested URL. * @param string $url Requested URL. */ $allowed_ports = apply_filters( 'http_allowed_safe_ports', array( 80, 443, 8080 ), $host, $url ); if ( is_array( $allowed_ports ) && in_array( $port, $allowed_ports, true ) ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; } /** * Marks allowed redirect hosts safe for HTTP requests as well. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @param bool $is_external * @param string $host * @return bool */ function allowed_http_request_hosts( $is_external, $host ) { if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) { $is_external = true; } return $is_external; } /** * Adds any domain in a multisite installation for safe HTTP requests to the * allowed list. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param bool $is_external * @param string $host * @return bool */ function ms_allowed_http_request_hosts( $is_external, $host ) { global $wpdb; static $queried = array(); if ( $is_external ) { return $is_external; } if ( get_network()->domain === $host ) { return true; } if ( isset( $queried[ $host ] ) ) { return $queried[ $host ]; } $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); return $queried[ $host ]; } /** * A wrapper for PHP's parse_url() function that handles consistency in the return values * across PHP versions. * * Across various PHP versions, schemeless URLs containing a ":" in the query * are being handled inconsistently. This function works around those differences. * * @since 4.4.0 * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`. * * @link https://www.php.net/manual/en/function.parse-url.php * * @param string $url The URL to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function wp_parse_url( $url, $component = -1 ) { $to_unset = array(); $url = (string) $url; if ( str_starts_with( $url, '//' ) ) { $to_unset[] = 'scheme'; $url = 'placeholder:' . $url; } elseif ( str_starts_with( $url, '/' ) ) { $to_unset[] = 'scheme'; $to_unset[] = 'host'; $url = 'placeholder://placeholder' . $url; } $parts = parse_url( $url ); if ( false === $parts ) { // Parsing failure. return $parts; } // Remove the placeholder values. foreach ( $to_unset as $key ) { unset( $parts[ $key ] ); } return _get_component_from_parsed_url_array( $parts, $component ); } /** * Retrieves a specific component from a parsed URL array. * * @internal * * @since 4.7.0 * @access private * * @link https://www.php.net/manual/en/function.parse-url.php * * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) { if ( -1 === $component ) { return $url_parts; } $key = _wp_translate_php_url_constant_to_key( $component ); if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) { return $url_parts[ $key ]; } else { return null; } } /** * Translates a PHP_URL_* constant to the named array keys PHP uses. * * @internal * * @since 4.7.0 * @access private * * @link https://www.php.net/manual/en/url.constants.php * * @param int $constant PHP_URL_* constant. * @return string|false The named key or false. */ function _wp_translate_php_url_constant_to_key( $constant ) { $translation = array( PHP_URL_SCHEME => 'scheme', PHP_URL_HOST => 'host', PHP_URL_PORT => 'port', PHP_URL_USER => 'user', PHP_URL_PASS => 'pass', PHP_URL_PATH => 'path', PHP_URL_QUERY => 'query', PHP_URL_FRAGMENT => 'fragment', ); if ( isset( $translation[ $constant ] ) ) { return $translation[ $constant ]; } else { return false; } } HTTP/https-migration-20260605172018-20260607081054.php 0000666 00000011205 15226703613 0014150 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605234755.php 0000666 00000013341 15226703613 0012561 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605140004.php 0000666 00000011205 15226703613 0012550 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605133803.php 0000666 00000013341 15226703613 0012551 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/class-wp-editor-20260605071103.php 0000666 00000215217 15226703613 0012450 0 ustar 00 <?php /** * Facilitates adding of the WordPress editor as used on the Write and Edit screens. * * @package WordPress * @since 3.3.0 * * Private, not included by default. See wp_editor() in wp-includes/general-template.php. */ #[AllowDynamicProperties] final class _WP_Editors { public static $mce_locale; private static $mce_settings = array(); private static $qt_settings = array(); private static $plugins = array(); private static $qt_buttons = array(); private static $ext_plugins; private static $baseurl; private static $first_init; private static $this_tinymce = false; private static $this_quicktags = false; private static $has_tinymce = false; private static $has_quicktags = false; private static $has_medialib = false; private static $editor_buttons_css = true; private static $drag_drop_upload = false; private static $translation; private static $tinymce_scripts_printed = false; private static $link_dialog_printed = false; private function __construct() {} /** * Parse default arguments for the editor instance. * * @since 3.3.0 * * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings { * Array of editor arguments. * * @type bool $wpautop Whether to use wpautop(). Default true. * @type bool $media_buttons Whether to show the Add Media/other media buttons. * @type string $default_editor When both TinyMCE and Quicktags are used, set which * editor is shown on page load. Default empty. * @type bool $drag_drop_upload Whether to enable drag & drop on the editor uploading. Default false. * Requires the media modal. * @type string $textarea_name Give the textarea a unique name here. Square brackets * can be used here. Default $editor_id. * @type int $textarea_rows Number rows in the editor textarea. Default 20. * @type string|int $tabindex Tabindex value to use. Default empty. * @type string $tabfocus_elements The previous and next element ID to move the focus to * when pressing the Tab key in TinyMCE. Default ':prev,:next'. * @type string $editor_css Intended for extra styles for both Visual and Code editors. * Should include `<style>` tags, and can use "scoped". Default empty. * @type string $editor_class Extra classes to add to the editor textarea element. Default empty. * @type bool $teeny Whether to output the minimal editor config. Examples include * Press This and the Comment editor. Default false. * @type bool $dfw Deprecated in 4.1. Unused. * @type bool|array $tinymce Whether to load TinyMCE. Can be used to pass settings directly to * TinyMCE using an array. Default true. * @type bool|array $quicktags Whether to load Quicktags. Can be used to pass settings directly to * Quicktags using an array. Default true. * } * @return array Parsed arguments array. */ public static function parse_settings( $editor_id, $settings ) { /** * Filters the wp_editor() settings. * * @since 4.0.0 * * @see _WP_Editors::parse_settings() * * @param array $settings Array of editor arguments. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $settings = apply_filters( 'wp_editor_settings', $settings, $editor_id ); $set = wp_parse_args( $settings, array( // Disable autop if the current post has blocks in it. 'wpautop' => ! has_blocks(), 'media_buttons' => true, 'default_editor' => '', 'drag_drop_upload' => false, 'textarea_name' => $editor_id, 'textarea_rows' => 20, 'tabindex' => '', 'tabfocus_elements' => ':prev,:next', 'editor_css' => '', 'editor_class' => '', 'teeny' => false, '_content_editor_dfw' => false, 'tinymce' => true, 'quicktags' => true, ) ); self::$this_tinymce = ( $set['tinymce'] && user_can_richedit() ); if ( self::$this_tinymce ) { if ( str_contains( $editor_id, '[' ) ) { self::$this_tinymce = false; _deprecated_argument( 'wp_editor()', '3.9.0', 'TinyMCE editor IDs cannot have brackets.' ); } } self::$this_quicktags = (bool) $set['quicktags']; if ( self::$this_tinymce ) { self::$has_tinymce = true; } if ( self::$this_quicktags ) { self::$has_quicktags = true; } if ( empty( $set['editor_height'] ) ) { return $set; } if ( 'content' === $editor_id && empty( $set['tinymce']['wp_autoresize_on'] ) ) { // A cookie (set when a user resizes the editor) overrides the height. $cookie = (int) get_user_setting( 'ed_size' ); if ( $cookie ) { $set['editor_height'] = $cookie; } } if ( $set['editor_height'] < 50 ) { $set['editor_height'] = 50; } elseif ( $set['editor_height'] > 5000 ) { $set['editor_height'] = 5000; } return $set; } /** * Outputs the HTML for a single instance of the editor. * * @since 3.3.0 * * @global WP_Screen $current_screen WordPress current screen object. * * @param string $content Initial content for the editor. * @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances. * Should not contain square brackets. * @param array $settings See _WP_Editors::parse_settings() for description. */ public static function editor( $content, $editor_id, $settings = array() ) { $set = self::parse_settings( $editor_id, $settings ); $editor_class = ' class="' . trim( esc_attr( $set['editor_class'] ) . ' wp-editor-area' ) . '"'; $tabindex = $set['tabindex'] ? ' tabindex="' . (int) $set['tabindex'] . '"' : ''; $default_editor = 'html'; $buttons = ''; $autocomplete = ''; $editor_id_attr = esc_attr( $editor_id ); if ( $set['drag_drop_upload'] ) { self::$drag_drop_upload = true; } if ( ! empty( $set['editor_height'] ) ) { $height = ' style="height: ' . (int) $set['editor_height'] . 'px"'; } else { $height = ' rows="' . (int) $set['textarea_rows'] . '"'; } if ( ! current_user_can( 'upload_files' ) ) { $set['media_buttons'] = false; } if ( self::$this_tinymce ) { $autocomplete = ' autocomplete="off"'; if ( self::$this_quicktags ) { $default_editor = $set['default_editor'] ? $set['default_editor'] : wp_default_editor(); // 'html' is used for the "Code" editor tab. if ( 'html' !== $default_editor ) { $default_editor = 'tinymce'; } $tmce_active = ( 'html' === $default_editor ) ? ' aria-pressed="true"' : ''; $html_active = ( 'html' === $default_editor ) ? '' : ' aria-pressed="true"'; $buttons .= '<button type="button" id="' . $editor_id_attr . '-tmce"' . $html_active . ' class="wp-switch-editor switch-tmce"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Visual', 'Name for the Visual editor tab' ) . "</button>\n"; $buttons .= '<button type="button" id="' . $editor_id_attr . '-html"' . $tmce_active . ' class="wp-switch-editor switch-html"' . ' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Code', 'Name for the Code editor tab (formerly Text)' ) . "</button>\n"; } else { $default_editor = 'tinymce'; } } $switch_class = 'html' === $default_editor ? 'html-active' : 'tmce-active'; $wrap_class = 'wp-core-ui wp-editor-wrap ' . $switch_class; if ( $set['_content_editor_dfw'] ) { $wrap_class .= ' has-dfw'; } echo '<div id="wp-' . $editor_id_attr . '-wrap" class="' . $wrap_class . '">'; if ( self::$editor_buttons_css ) { wp_print_styles( 'editor-buttons' ); self::$editor_buttons_css = false; } if ( ! empty( $set['editor_css'] ) ) { echo $set['editor_css'] . "\n"; } if ( ! empty( $buttons ) || $set['media_buttons'] ) { echo '<div id="wp-' . $editor_id_attr . '-editor-tools" class="wp-editor-tools hide-if-no-js">'; if ( $set['media_buttons'] ) { self::$has_medialib = true; if ( ! function_exists( 'media_buttons' ) ) { require ABSPATH . 'wp-admin/includes/media.php'; } echo '<div id="wp-' . $editor_id_attr . '-media-buttons" class="wp-media-buttons">'; /** * Fires after the default media button(s) are displayed. * * @since 2.5.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. */ do_action( 'media_buttons', $editor_id ); echo "</div>\n"; } echo '<div class="wp-editor-tabs">' . $buttons . "</div>\n"; echo "</div>\n"; } $quicktags_toolbar = ''; if ( self::$this_quicktags ) { if ( 'content' === $editor_id && ! empty( $GLOBALS['current_screen'] ) && 'post' === $GLOBALS['current_screen']->base ) { $toolbar_id = 'ed_toolbar'; } else { $toolbar_id = 'qt_' . $editor_id_attr . '_toolbar'; } $quicktags_toolbar = '<div id="' . $toolbar_id . '" class="quicktags-toolbar hide-if-no-js"></div>'; } /** * Filters the HTML markup output that displays the editor. * * @since 2.1.0 * * @param string $output Editor's HTML markup. */ $the_editor = apply_filters( 'the_editor', '<div id="wp-' . $editor_id_attr . '-editor-container" class="wp-editor-container">' . $quicktags_toolbar . '<textarea' . $editor_class . $height . $tabindex . $autocomplete . ' cols="40" name="' . esc_attr( $set['textarea_name'] ) . '" ' . 'id="' . $editor_id_attr . '">%s</textarea></div>' ); // Prepare the content for the Visual or Code editor, only when TinyMCE is used (back-compat). if ( self::$this_tinymce ) { add_filter( 'the_editor_content', 'format_for_editor', 10, 2 ); } /** * Filters the default editor content. * * @since 2.1.0 * * @param string $content Default editor content. * @param string $default_editor The default editor for the current user. * Either 'html' or 'tinymce'. */ $content = apply_filters( 'the_editor_content', $content, $default_editor ); // Remove the filter as the next editor on the same page may not need it. if ( self::$this_tinymce ) { remove_filter( 'the_editor_content', 'format_for_editor' ); } // Back-compat for the `htmledit_pre` and `richedit_pre` filters. if ( 'html' === $default_editor && has_filter( 'htmledit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'htmledit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } elseif ( 'tinymce' === $default_editor && has_filter( 'richedit_pre' ) ) { /** This filter is documented in wp-includes/deprecated.php */ $content = apply_filters_deprecated( 'richedit_pre', array( $content ), '4.3.0', 'format_for_editor' ); } if ( false !== stripos( $content, 'textarea' ) ) { $content = preg_replace( '%</textarea%i', '</textarea', $content ); } printf( $the_editor, $content ); echo "\n</div>\n\n"; self::editor_settings( $editor_id, $set ); } /** * @since 3.3.0 * * @param string $editor_id Unique editor identifier, e.g. 'content'. * @param array $set Array of editor arguments. */ public static function editor_settings( $editor_id, $set ) { if ( empty( self::$first_init ) ) { if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 ); } } if ( self::$this_quicktags ) { $qt_init = array( 'id' => $editor_id, 'buttons' => '', ); if ( is_array( $set['quicktags'] ) ) { $qt_init = array_merge( $qt_init, $set['quicktags'] ); } if ( empty( $qt_init['buttons'] ) ) { $qt_init['buttons'] = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close'; } if ( $set['_content_editor_dfw'] ) { $qt_init['buttons'] .= ',dfw'; } /** * Filters the Quicktags settings. * * @since 3.3.0 * * @param array $qt_init Quicktags settings. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $qt_init = apply_filters( 'quicktags_settings', $qt_init, $editor_id ); self::$qt_settings[ $editor_id ] = $qt_init; self::$qt_buttons = array_merge( self::$qt_buttons, explode( ',', $qt_init['buttons'] ) ); } if ( self::$this_tinymce ) { if ( empty( self::$first_init ) ) { $baseurl = self::get_baseurl(); $mce_locale = self::get_mce_locale(); $ext_plugins = ''; if ( $set['teeny'] ) { /** * Filters the list of teenyMCE plugins. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of teenyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $plugins = apply_filters( 'teeny_mce_plugins', array( 'colorpicker', 'lists', 'fullscreen', 'image', 'wordpress', 'wpeditimage', 'wplink', ), $editor_id ); } else { /** * Filters the list of TinyMCE external plugins. * * The filter takes an associative array of external plugins for * TinyMCE in the form 'plugin_name' => 'url'. * * The url should be absolute, and should include the js filename * to be loaded. For example: * 'myplugin' => 'http://mysite.com/wp-content/plugins/myfolder/mce_plugin.js'. * * If the external plugin adds a button, it should be added with * one of the 'mce_buttons' filters. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $external_plugins An array of external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_external_plugins = apply_filters( 'mce_external_plugins', array(), $editor_id ); $plugins = array( 'charmap', 'colorpicker', 'hr', 'lists', 'media', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wpdialogs', 'wptextpattern', 'wpview', ); if ( ! self::$has_medialib ) { $plugins[] = 'image'; } /** * Filters the list of default TinyMCE plugins. * * The filter specifies which of the default plugins included * in WordPress should be added to the TinyMCE instance. * * @since 3.3.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $plugins An array of default TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $plugins = array_unique( apply_filters( 'tiny_mce_plugins', $plugins, $editor_id ) ); $key = array_search( 'spellchecker', $plugins, true ); if ( false !== $key ) { /* * Remove 'spellchecker' from the internal plugins if added with 'tiny_mce_plugins' filter to prevent errors. * It can be added with 'mce_external_plugins'. */ unset( $plugins[ $key ] ); } if ( ! empty( $mce_external_plugins ) ) { /** * Filters the translations loaded for external TinyMCE 3.x plugins. * * The filter takes an associative array ('plugin_name' => 'path') * where 'path' is the include path to the file. * * The language file should follow the same format as wp_mce_translation(), * and should define a variable ($strings) that holds all translated strings. * * @since 2.5.0 * @since 5.3.0 The `$editor_id` parameter was added. * * @param array $translations Translations for external TinyMCE plugins. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_external_languages = apply_filters( 'mce_external_languages', array(), $editor_id ); $loaded_langs = array(); $strings = ''; if ( ! empty( $mce_external_languages ) ) { foreach ( $mce_external_languages as $name => $path ) { if ( @is_file( $path ) && @is_readable( $path ) ) { include_once $path; $ext_plugins .= $strings . "\n"; $loaded_langs[] = $name; } } } foreach ( $mce_external_plugins as $name => $url ) { if ( in_array( $name, $plugins, true ) ) { unset( $mce_external_plugins[ $name ] ); continue; } $url = set_url_scheme( $url ); $mce_external_plugins[ $name ] = $url; $plugurl = dirname( $url ); $strings = ''; // Try to load langs/[locale].js and langs/[locale]_dlg.js. if ( ! in_array( $name, $loaded_langs, true ) ) { $path = str_replace( content_url(), '', $plugurl ); $path = realpath( WP_CONTENT_DIR . $path . '/langs/' ); if ( ! $path ) { continue; } $path = trailingslashit( $path ); if ( @is_file( $path . $mce_locale . '.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '.js' ) . "\n"; } if ( @is_file( $path . $mce_locale . '_dlg.js' ) ) { $strings .= @file_get_contents( $path . $mce_locale . '_dlg.js' ) . "\n"; } if ( 'en' !== $mce_locale && empty( $strings ) ) { if ( @is_file( $path . 'en.js' ) ) { $str1 = @file_get_contents( $path . 'en.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n"; } if ( @is_file( $path . 'en_dlg.js' ) ) { $str2 = @file_get_contents( $path . 'en_dlg.js' ); $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n"; } } if ( ! empty( $strings ) ) { $ext_plugins .= "\n" . $strings . "\n"; } } $ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n"; } } } self::$plugins = $plugins; self::$ext_plugins = $ext_plugins; $settings = self::default_settings(); $settings['plugins'] = implode( ',', $plugins ); if ( ! empty( $mce_external_plugins ) ) { $settings['external_plugins'] = wp_json_encode( $mce_external_plugins ); } /** This filter is documented in wp-admin/includes/media.php */ if ( apply_filters( 'disable_captions', '' ) ) { $settings['wpeditimage_disable_captions'] = true; } $mce_css = $settings['content_css']; /* * The `editor-style.css` added by the theme is generally intended for the editor instance on the Edit Post screen. * Plugins that use wp_editor() on the front-end can decide whether to add the theme stylesheet * by using `get_editor_stylesheets()` and the `mce_css` or `tiny_mce_before_init` filters, see below. */ if ( is_admin() ) { $editor_styles = get_editor_stylesheets(); if ( ! empty( $editor_styles ) ) { // Force urlencoding of commas. foreach ( $editor_styles as $key => $url ) { if ( str_contains( $url, ',' ) ) { $editor_styles[ $key ] = str_replace( ',', '%2C', $url ); } } $mce_css .= ',' . implode( ',', $editor_styles ); } } /** * Filters the comma-delimited list of stylesheets to load in TinyMCE. * * @since 2.1.0 * * @param string $stylesheets Comma-delimited list of stylesheets. */ $mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' ); if ( ! empty( $mce_css ) ) { $settings['content_css'] = $mce_css; } else { unset( $settings['content_css'] ); } self::$first_init = $settings; } if ( $set['teeny'] ) { $mce_buttons = array( 'bold', 'italic', 'underline', 'blockquote', 'strikethrough', 'bullist', 'numlist', 'alignleft', 'aligncenter', 'alignright', 'undo', 'redo', 'link', 'fullscreen', ); /** * Filters the list of teenyMCE buttons (Code tab). * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons An array of teenyMCE buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_buttons = apply_filters( 'teeny_mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array(); $mce_buttons_3 = array(); $mce_buttons_4 = array(); } else { $mce_buttons = array( 'formatselect', 'bold', 'italic', 'bullist', 'numlist', 'blockquote', 'alignleft', 'aligncenter', 'alignright', 'link', 'wp_more', 'spellchecker', ); if ( ! wp_is_mobile() ) { if ( $set['_content_editor_dfw'] ) { $mce_buttons[] = 'wp_adv'; $mce_buttons[] = 'dfw'; } else { $mce_buttons[] = 'fullscreen'; $mce_buttons[] = 'wp_adv'; } } else { $mce_buttons[] = 'wp_adv'; } /** * Filters the first-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons First-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons = apply_filters( 'mce_buttons', $mce_buttons, $editor_id ); $mce_buttons_2 = array( 'strikethrough', 'hr', 'forecolor', 'pastetext', 'removeformat', 'charmap', 'outdent', 'indent', 'undo', 'redo', ); if ( ! wp_is_mobile() ) { $mce_buttons_2[] = 'wp_help'; } /** * Filters the second-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_2 Second-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_2 = apply_filters( 'mce_buttons_2', $mce_buttons_2, $editor_id ); /** * Filters the third-row list of TinyMCE buttons (Visual tab). * * @since 2.0.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_3 Third-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_3 = apply_filters( 'mce_buttons_3', array(), $editor_id ); /** * Filters the fourth-row list of TinyMCE buttons (Visual tab). * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_buttons_4 Fourth-row list of buttons. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_buttons_4 = apply_filters( 'mce_buttons_4', array(), $editor_id ); } $body_class = $editor_id; $post = get_post(); if ( $post ) { $body_class .= ' post-type-' . sanitize_html_class( $post->post_type ) . ' post-status-' . sanitize_html_class( $post->post_status ); if ( post_type_supports( $post->post_type, 'post-formats' ) ) { $post_format = get_post_format( $post ); if ( $post_format && ! is_wp_error( $post_format ) ) { $body_class .= ' post-format-' . sanitize_html_class( $post_format ); } else { $body_class .= ' post-format-standard'; } } $page_template = get_page_template_slug( $post ); if ( false !== $page_template ) { $page_template = empty( $page_template ) ? 'default' : str_replace( '.', '-', basename( $page_template, '.php' ) ); $body_class .= ' page-template-' . sanitize_html_class( $page_template ); } } $body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); if ( ! empty( $set['tinymce']['body_class'] ) ) { $body_class .= ' ' . $set['tinymce']['body_class']; unset( $set['tinymce']['body_class'] ); } $mce_init = array( 'selector' => "#$editor_id", 'wpautop' => (bool) $set['wpautop'], 'indent' => ! $set['wpautop'], 'toolbar1' => implode( ',', $mce_buttons ), 'toolbar2' => implode( ',', $mce_buttons_2 ), 'toolbar3' => implode( ',', $mce_buttons_3 ), 'toolbar4' => implode( ',', $mce_buttons_4 ), 'tabfocus_elements' => $set['tabfocus_elements'], 'body_class' => $body_class, ); // Merge with the first part of the init array. $mce_init = array_merge( self::$first_init, $mce_init ); if ( is_array( $set['tinymce'] ) ) { $mce_init = array_merge( $mce_init, $set['tinymce'] ); } /* * For people who really REALLY know what they're doing with TinyMCE * You can modify $mceInit to add, remove, change elements of the config * before tinyMCE.init. Setting "valid_elements", "invalid_elements" * and "extended_valid_elements" can be done through this filter. Best * is to use the default cleanup by not specifying valid_elements, * as TinyMCE checks against the full set of HTML 5.0 elements and attributes. */ if ( $set['teeny'] ) { /** * Filters the teenyMCE config before init. * * @since 2.7.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with teenyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. */ $mce_init = apply_filters( 'teeny_mce_before_init', $mce_init, $editor_id ); } else { /** * Filters the TinyMCE config before init. * * @since 2.5.0 * @since 3.3.0 The `$editor_id` parameter was added. * * @param array $mce_init An array with TinyMCE config. * @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block' * when called from block editor's Classic block. */ $mce_init = apply_filters( 'tiny_mce_before_init', $mce_init, $editor_id ); } if ( empty( $mce_init['toolbar3'] ) && ! empty( $mce_init['toolbar4'] ) ) { $mce_init['toolbar3'] = $mce_init['toolbar4']; $mce_init['toolbar4'] = ''; } self::$mce_settings[ $editor_id ] = $mce_init; } // End if self::$this_tinymce. } /** * @since 3.3.0 * * @param array $init * @return string */ private static function _parse_init( $init ) { $options = ''; foreach ( $init as $key => $value ) { if ( is_bool( $value ) ) { $val = $value ? 'true' : 'false'; $options .= $key . ':' . $val . ','; continue; } elseif ( ! empty( $value ) && is_string( $value ) && ( ( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) || ( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) || preg_match( '/^\(?function ?\(/', $value ) ) ) { $options .= $key . ':' . $value . ','; continue; } $options .= $key . ':"' . $value . '",'; } return '{' . trim( $options, ' ,' ) . '}'; } /** * @since 3.3.0 * * @param bool $default_scripts Optional. Whether default scripts should be enqueued. Default false. */ public static function enqueue_scripts( $default_scripts = false ) { if ( $default_scripts || self::$has_tinymce ) { wp_enqueue_script( 'editor' ); } if ( $default_scripts || self::$has_quicktags ) { wp_enqueue_script( 'quicktags' ); wp_enqueue_style( 'buttons' ); } if ( $default_scripts || in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { wp_enqueue_script( 'wplink' ); wp_enqueue_script( 'jquery-ui-autocomplete' ); } if ( self::$has_medialib ) { add_thickbox(); wp_enqueue_script( 'media-upload' ); wp_enqueue_script( 'wp-embed' ); } elseif ( $default_scripts ) { wp_enqueue_script( 'media-upload' ); } /** * Fires when scripts and styles are enqueued for the editor. * * @since 3.9.0 * * @param array $to_load An array containing boolean values whether TinyMCE * and Quicktags are being loaded. */ do_action( 'wp_enqueue_editor', array( 'tinymce' => ( $default_scripts || self::$has_tinymce ), 'quicktags' => ( $default_scripts || self::$has_quicktags ), ) ); } /** * Enqueue all editor scripts. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function enqueue_default_editor() { // We are past the point where scripts can be enqueued properly. if ( did_action( 'wp_enqueue_editor' ) ) { return; } self::enqueue_scripts( true ); // Also add wp-includes/css/editor.css. wp_enqueue_style( 'editor-buttons' ); if ( is_admin() ) { add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'admin_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } else { add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 ); add_action( 'wp_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 ); } } /** * Print (output) all editor scripts and default settings. * For use when the editor is going to be initialized after page load. * * @since 4.8.0 */ public static function print_default_editor_scripts() { $user_can_richedit = user_can_richedit(); if ( $user_can_richedit ) { $settings = self::default_settings(); $settings['toolbar1'] = 'bold,italic,bullist,numlist,link'; $settings['wpautop'] = false; $settings['indent'] = true; $settings['elementpath'] = false; if ( is_rtl() ) { $settings['directionality'] = 'rtl'; } /* * In production all plugins are loaded (they are in wp-editor.js.gz). * The 'wpview', 'wpdialogs', and 'media' TinyMCE plugins are not initialized by default. * Can be added from js by using the 'wp-before-tinymce-init' event. */ $settings['plugins'] = implode( ',', array( 'charmap', 'colorpicker', 'hr', 'lists', 'paste', 'tabfocus', 'textcolor', 'fullscreen', 'wordpress', 'wpautoresize', 'wpeditimage', 'wpemoji', 'wpgallery', 'wplink', 'wptextpattern', ) ); $settings = self::_parse_init( $settings ); } else { $settings = '{}'; } ?> <script type="text/javascript"> window.wp = window.wp || {}; window.wp.editor = window.wp.editor || {}; window.wp.editor.getDefaultSettings = function() { return { tinymce: <?php echo $settings; ?>, quicktags: { buttons: 'strong,em,link,ul,ol,li,code' } }; }; <?php if ( $user_can_richedit ) { $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); ?> var tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", mceInit: {}, qtInit: {}, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; <?php } ?> </script> <?php if ( $user_can_richedit ) { self::print_tinymce_scripts(); } /** * Fires when the editor scripts are loaded for later initialization, * after all scripts and settings are printed. * * @since 4.8.0 */ do_action( 'print_default_editor_scripts' ); self::wp_link_dialog(); } /** * Returns the TinyMCE locale. * * @since 4.8.0 * * @return string */ public static function get_mce_locale() { if ( empty( self::$mce_locale ) ) { $mce_locale = get_user_locale(); self::$mce_locale = empty( $mce_locale ) ? 'en' : strtolower( substr( $mce_locale, 0, 2 ) ); // ISO 639-1. } return self::$mce_locale; } /** * Returns the TinyMCE base URL. * * @since 4.8.0 * * @return string */ public static function get_baseurl() { if ( empty( self::$baseurl ) ) { self::$baseurl = includes_url( 'js/tinymce' ); } return self::$baseurl; } /** * Returns the default TinyMCE settings. * Doesn't include plugins, buttons, editor selector. * * @since 4.8.0 * * @global string $tinymce_version * * @return array */ private static function default_settings() { global $tinymce_version; $shortcut_labels = array(); foreach ( self::get_translation() as $name => $value ) { if ( is_array( $value ) ) { $shortcut_labels[ $name ] = $value[1]; } } $settings = array( 'theme' => 'modern', 'skin' => 'lightgray', 'language' => self::get_mce_locale(), 'formats' => '{' . 'alignleft: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"left"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignleft"}' . '],' . 'aligncenter: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"center"}},' . '{selector: "img,table,dl.wp-caption", classes: "aligncenter"}' . '],' . 'alignright: [' . '{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"right"}},' . '{selector: "img,table,dl.wp-caption", classes: "alignright"}' . '],' . 'strikethrough: {inline: "del"}' . '}', 'relative_urls' => false, 'remove_script_host' => false, 'convert_urls' => false, 'browser_spellcheck' => true, 'fix_list_elements' => true, 'entities' => '38,amp,60,lt,62,gt', 'entity_encoding' => 'raw', 'keep_styles' => false, 'cache_suffix' => 'wp-mce-' . $tinymce_version, 'resize' => 'vertical', 'menubar' => false, 'branding' => false, // Limit the preview styles in the menu/toolbar. 'preview_styles' => 'font-family font-size font-weight font-style text-decoration text-transform', 'end_container_on_empty_block' => true, 'wpeditimage_html5_captions' => true, 'wp_lang_attr' => get_bloginfo( 'language' ), 'wp_shortcut_labels' => wp_json_encode( $shortcut_labels ), ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $version = 'ver=' . get_bloginfo( 'version' ); // Default stylesheets. $settings['content_css'] = includes_url( "css/dashicons$suffix.css?$version" ) . ',' . includes_url( "js/tinymce/skins/wordpress/wp-content.css?$version" ); return $settings; } /** * @since 4.7.0 * * @return array */ private static function get_translation() { if ( empty( self::$translation ) ) { self::$translation = array( // Default TinyMCE strings. 'New document' => __( 'New document' ), 'Formats' => _x( 'Formats', 'TinyMCE' ), 'Headings' => _x( 'Headings', 'TinyMCE' ), 'Heading 1' => array( __( 'Heading 1' ), 'access1' ), 'Heading 2' => array( __( 'Heading 2' ), 'access2' ), 'Heading 3' => array( __( 'Heading 3' ), 'access3' ), 'Heading 4' => array( __( 'Heading 4' ), 'access4' ), 'Heading 5' => array( __( 'Heading 5' ), 'access5' ), 'Heading 6' => array( __( 'Heading 6' ), 'access6' ), /* translators: Block tags. */ 'Blocks' => _x( 'Blocks', 'TinyMCE' ), 'Paragraph' => array( __( 'Paragraph' ), 'access7' ), 'Blockquote' => array( __( 'Blockquote' ), 'accessQ' ), 'Div' => _x( 'Div', 'HTML tag' ), 'Pre' => _x( 'Pre', 'HTML tag' ), 'Preformatted' => _x( 'Preformatted', 'HTML tag' ), 'Address' => _x( 'Address', 'HTML tag' ), 'Inline' => _x( 'Inline', 'HTML elements' ), 'Underline' => array( __( 'Underline' ), 'metaU' ), 'Strikethrough' => array( __( 'Strikethrough' ), 'accessD' ), 'Subscript' => __( 'Subscript' ), 'Superscript' => __( 'Superscript' ), 'Clear formatting' => __( 'Clear formatting' ), 'Bold' => array( __( 'Bold' ), 'metaB' ), 'Italic' => array( __( 'Italic' ), 'metaI' ), 'Code' => array( __( 'Code' ), 'accessX' ), 'Source code' => __( 'Source code' ), 'Font Family' => __( 'Font Family' ), 'Font Sizes' => __( 'Font Sizes' ), 'Align center' => array( __( 'Align center' ), 'accessC' ), 'Align right' => array( __( 'Align right' ), 'accessR' ), 'Align left' => array( __( 'Align left' ), 'accessL' ), 'Justify' => array( __( 'Justify' ), 'accessJ' ), 'Increase indent' => __( 'Increase indent' ), 'Decrease indent' => __( 'Decrease indent' ), 'Cut' => array( __( 'Cut' ), 'metaX' ), 'Copy' => array( __( 'Copy' ), 'metaC' ), 'Paste' => array( __( 'Paste' ), 'metaV' ), 'Select all' => array( __( 'Select all' ), 'metaA' ), 'Undo' => array( __( 'Undo' ), 'metaZ' ), 'Redo' => array( __( 'Redo' ), 'metaY' ), 'Ok' => __( 'OK' ), 'Cancel' => __( 'Cancel' ), 'Close' => __( 'Close' ), 'Visual aids' => __( 'Visual aids' ), 'Bullet list' => array( __( 'Bulleted list' ), 'accessU' ), 'Numbered list' => array( __( 'Numbered list' ), 'accessO' ), 'Square' => _x( 'Square', 'list style' ), 'Default' => _x( 'Default', 'list style' ), 'Circle' => _x( 'Circle', 'list style' ), 'Disc' => _x( 'Disc', 'list style' ), 'Lower Greek' => _x( 'Lower Greek', 'list style' ), 'Lower Alpha' => _x( 'Lower Alpha', 'list style' ), 'Upper Alpha' => _x( 'Upper Alpha', 'list style' ), 'Upper Roman' => _x( 'Upper Roman', 'list style' ), 'Lower Roman' => _x( 'Lower Roman', 'list style' ), // Anchor plugin. 'Name' => _x( 'Name', 'Name of link anchor (TinyMCE)' ), 'Anchor' => _x( 'Anchor', 'Link anchor (TinyMCE)' ), 'Anchors' => _x( 'Anchors', 'Link anchors (TinyMCE)' ), 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' => __( 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' ), 'Id' => _x( 'Id', 'Id for link anchor (TinyMCE)' ), // Fullpage plugin. 'Document properties' => __( 'Document properties' ), 'Robots' => __( 'Robots' ), 'Title' => __( 'Title' ), 'Keywords' => __( 'Keywords' ), 'Encoding' => __( 'Encoding' ), 'Description' => __( 'Description' ), 'Author' => __( 'Author' ), // Media, image plugins. 'Image' => __( 'Image' ), 'Insert/edit image' => array( __( 'Insert/edit image' ), 'accessM' ), 'General' => __( 'General' ), 'Advanced' => __( 'Advanced' ), 'Source' => __( 'Source' ), 'Border' => __( 'Border' ), 'Constrain proportions' => __( 'Constrain proportions' ), 'Vertical space' => __( 'Vertical space' ), 'Image description' => __( 'Image description' ), 'Style' => __( 'Style' ), 'Dimensions' => __( 'Dimensions' ), 'Insert image' => __( 'Insert image' ), 'Date/time' => __( 'Date/time' ), 'Insert date/time' => __( 'Insert date/time' ), 'Table of Contents' => __( 'Table of Contents' ), 'Insert/Edit code sample' => __( 'Insert/edit code sample' ), 'Language' => __( 'Language' ), 'Media' => __( 'Media' ), 'Insert/edit media' => __( 'Insert/edit media' ), 'Poster' => __( 'Poster' ), 'Alternative source' => __( 'Alternative source' ), 'Paste your embed code below:' => __( 'Paste your embed code below:' ), 'Insert video' => __( 'Insert video' ), 'Embed' => __( 'Embed' ), // Each of these have a corresponding plugin. 'Special character' => __( 'Special character' ), 'Right to left' => _x( 'Right to left', 'editor button' ), 'Left to right' => _x( 'Left to right', 'editor button' ), 'Emoticons' => __( 'Emoticons' ), 'Nonbreaking space' => __( 'Nonbreaking space' ), 'Page break' => __( 'Page break' ), 'Paste as text' => __( 'Paste as text' ), 'Preview' => __( 'Preview' ), 'Print' => __( 'Print' ), 'Save' => __( 'Save' ), 'Fullscreen' => __( 'Fullscreen' ), 'Horizontal line' => __( 'Horizontal line' ), 'Horizontal space' => __( 'Horizontal space' ), 'Restore last draft' => __( 'Restore last draft' ), 'Insert/edit link' => array( __( 'Insert/edit link' ), 'metaK' ), 'Remove link' => array( __( 'Remove link' ), 'accessS' ), // Link plugin. 'Link' => __( 'Link' ), 'Insert link' => __( 'Insert link' ), 'Target' => __( 'Target' ), 'New window' => __( 'New window' ), 'Text to display' => __( 'Text to display' ), 'Url' => __( 'URL' ), 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' => __( 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' ), 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' => __( 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' ), 'Color' => __( 'Color' ), 'Custom color' => __( 'Custom color' ), 'Custom...' => _x( 'Custom...', 'label for custom color' ), // No ellipsis. 'No color' => __( 'No color' ), 'R' => _x( 'R', 'Short for red in RGB' ), 'G' => _x( 'G', 'Short for green in RGB' ), 'B' => _x( 'B', 'Short for blue in RGB' ), // Spelling, search/replace plugins. 'Could not find the specified string.' => __( 'Could not find the specified string.' ), 'Replace' => _x( 'Replace', 'find/replace' ), 'Next' => _x( 'Next', 'find/replace' ), /* translators: Previous. */ 'Prev' => _x( 'Prev', 'find/replace' ), 'Whole words' => _x( 'Whole words', 'find/replace' ), 'Find and replace' => __( 'Find and replace' ), 'Replace with' => _x( 'Replace with', 'find/replace' ), 'Find' => _x( 'Find', 'find/replace' ), 'Replace all' => _x( 'Replace all', 'find/replace' ), 'Match case' => __( 'Match case' ), 'Spellcheck' => __( 'Check Spelling' ), 'Finish' => _x( 'Finish', 'spellcheck' ), 'Ignore all' => _x( 'Ignore all', 'spellcheck' ), 'Ignore' => _x( 'Ignore', 'spellcheck' ), 'Add to Dictionary' => __( 'Add to Dictionary' ), // TinyMCE tables. 'Insert table' => __( 'Insert table' ), 'Delete table' => __( 'Delete table' ), 'Table properties' => __( 'Table properties' ), 'Row properties' => __( 'Table row properties' ), 'Cell properties' => __( 'Table cell properties' ), 'Border color' => __( 'Border color' ), 'Row' => __( 'Row' ), 'Rows' => __( 'Rows' ), 'Column' => __( 'Column' ), 'Cols' => __( 'Columns' ), 'Cell' => _x( 'Cell', 'table cell' ), 'Header cell' => __( 'Header cell' ), 'Header' => _x( 'Header', 'table header' ), 'Body' => _x( 'Body', 'table body' ), 'Footer' => _x( 'Footer', 'table footer' ), 'Insert row before' => __( 'Insert row before' ), 'Insert row after' => __( 'Insert row after' ), 'Insert column before' => __( 'Insert column before' ), 'Insert column after' => __( 'Insert column after' ), 'Paste row before' => __( 'Paste table row before' ), 'Paste row after' => __( 'Paste table row after' ), 'Delete row' => __( 'Delete row' ), 'Delete column' => __( 'Delete column' ), 'Cut row' => __( 'Cut table row' ), 'Copy row' => __( 'Copy table row' ), 'Merge cells' => __( 'Merge table cells' ), 'Split cell' => __( 'Split table cell' ), 'Height' => __( 'Height' ), 'Width' => __( 'Width' ), 'Caption' => __( 'Caption' ), 'Alignment' => __( 'Alignment' ), 'H Align' => _x( 'H Align', 'horizontal table cell alignment' ), 'Left' => __( 'Left' ), 'Center' => __( 'Center' ), 'Right' => __( 'Right' ), 'None' => _x( 'None', 'table cell alignment attribute' ), 'V Align' => _x( 'V Align', 'vertical table cell alignment' ), 'Top' => __( 'Top' ), 'Middle' => __( 'Middle' ), 'Bottom' => __( 'Bottom' ), 'Row group' => __( 'Row group' ), 'Column group' => __( 'Column group' ), 'Row type' => __( 'Row type' ), 'Cell type' => __( 'Cell type' ), 'Cell padding' => __( 'Cell padding' ), 'Cell spacing' => __( 'Cell spacing' ), 'Scope' => _x( 'Scope', 'table cell scope attribute' ), 'Insert template' => _x( 'Insert template', 'TinyMCE' ), 'Templates' => _x( 'Templates', 'TinyMCE' ), 'Background color' => __( 'Background color' ), 'Text color' => __( 'Text color' ), 'Show blocks' => _x( 'Show blocks', 'editor button' ), 'Show invisible characters' => __( 'Show invisible characters' ), /* translators: Word count. */ 'Words: {0}' => sprintf( __( 'Words: %s' ), '{0}' ), 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' => __( 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' ) . "\n\n" . __( 'If you are looking to paste rich content from Microsoft Word, try turning this option off. The editor will clean up text pasted from Word automatically.' ), 'Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help' => __( 'Rich Text Area. Press Alt-Shift-H for help.' ), 'Rich Text Area. Press Control-Option-H for help.' => __( 'Rich Text Area. Press Control-Option-H for help.' ), 'You have unsaved changes are you sure you want to navigate away?' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'Your browser doesn\'t support direct access to the clipboard. Please use the Ctrl+X/C/V keyboard shortcuts instead.' => __( 'Your browser does not support direct access to the clipboard. Please use keyboard shortcuts or your browser’s edit menu instead.' ), // TinyMCE menus. 'Insert' => _x( 'Insert', 'TinyMCE menu' ), 'File' => _x( 'File', 'TinyMCE menu' ), 'Edit' => _x( 'Edit', 'TinyMCE menu' ), 'Tools' => _x( 'Tools', 'TinyMCE menu' ), 'View' => _x( 'View', 'TinyMCE menu' ), 'Table' => _x( 'Table', 'TinyMCE menu' ), 'Format' => _x( 'Format', 'TinyMCE menu' ), // WordPress strings. 'Toolbar Toggle' => array( __( 'Toolbar Toggle' ), 'accessZ' ), 'Insert Read More tag' => array( __( 'Insert Read More tag' ), 'accessT' ), 'Insert Page Break tag' => array( __( 'Insert Page Break tag' ), 'accessP' ), 'Read more...' => __( 'Read more...' ), // Title on the placeholder inside the editor (no ellipsis). 'Distraction-free writing mode' => array( __( 'Distraction-free writing mode' ), 'accessW' ), 'No alignment' => __( 'No alignment' ), // Tooltip for the 'alignnone' button in the image toolbar. 'Remove' => __( 'Remove' ), // Tooltip for the 'remove' button in the image toolbar. 'Edit|button' => __( 'Edit' ), // Tooltip for the 'edit' button in the image toolbar. 'Paste URL or type to search' => __( 'Paste URL or type to search' ), // Placeholder for the inline link dialog. 'Apply' => __( 'Apply' ), // Tooltip for the 'apply' button in the inline link dialog. 'Link options' => __( 'Link options' ), // Tooltip for the 'link options' button in the inline link dialog. 'Visual' => _x( 'Visual', 'Name for the Visual editor tab' ), // Editor switch tab label. 'Code|tab' => _x( 'Code', 'Name for the Code editor tab (formerly Text)' ), // Editor switch tab label. 'Add Media' => array( __( 'Add Media' ), 'accessM' ), // Tooltip for the 'Add Media' button in the block editor Classic block. // Shortcuts help modal. 'Keyboard Shortcuts' => array( __( 'Keyboard Shortcuts' ), 'accessH' ), 'Classic Block Keyboard Shortcuts' => __( 'Classic Block Keyboard Shortcuts' ), 'Default shortcuts,' => __( 'Default shortcuts,' ), 'Additional shortcuts,' => __( 'Additional shortcuts,' ), 'Focus shortcuts:' => __( 'Focus shortcuts:' ), 'Inline toolbar (when an image, link or preview is selected)' => __( 'Inline toolbar (when an image, link or preview is selected)' ), 'Editor menu (when enabled)' => __( 'Editor menu (when enabled)' ), 'Editor toolbar' => __( 'Editor toolbar' ), 'Elements path' => __( 'Elements path' ), 'Ctrl + Alt + letter:' => __( 'Ctrl + Alt + letter:' ), 'Shift + Alt + letter:' => __( 'Shift + Alt + letter:' ), 'Cmd + letter:' => __( 'Cmd + letter:' ), 'Ctrl + letter:' => __( 'Ctrl + letter:' ), 'Letter' => __( 'Letter' ), 'Action' => __( 'Action' ), 'Warning: the link has been inserted but may have errors. Please test it.' => __( 'Warning: the link has been inserted but may have errors. Please test it.' ), 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' => __( 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' ), 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' => __( 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' ), 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' => __( 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' ), 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' => __( 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' ), ); } /* Imagetools plugin (not included): 'Edit image' => __( 'Edit image' ), 'Image options' => __( 'Image options' ), 'Back' => __( 'Back' ), 'Invert' => __( 'Invert' ), 'Flip horizontally' => __( 'Flip horizontal' ), 'Flip vertically' => __( 'Flip vertical' ), 'Crop' => __( 'Crop' ), 'Orientation' => __( 'Orientation' ), 'Resize' => __( 'Resize' ), 'Rotate clockwise' => __( 'Rotate right' ), 'Rotate counterclockwise' => __( 'Rotate left' ), 'Sharpen' => __( 'Sharpen' ), 'Brightness' => __( 'Brightness' ), 'Color levels' => __( 'Color levels' ), 'Contrast' => __( 'Contrast' ), 'Gamma' => __( 'Gamma' ), 'Zoom in' => __( 'Zoom in' ), 'Zoom out' => __( 'Zoom out' ), */ return self::$translation; } /** * Translates the default TinyMCE strings and returns them as JSON encoded object ready to be loaded with tinymce.addI18n(), * or as JS snippet that should run after tinymce.js is loaded. * * @since 3.9.0 * * @param string $mce_locale The locale used for the editor. * @param bool $json_only Optional. Whether to include the JavaScript calls to tinymce.addI18n() and * tinymce.ScriptLoader.markDone(). Default false. * @return string Translation object, JSON encoded. */ public static function wp_mce_translation( $mce_locale = '', $json_only = false ) { if ( ! $mce_locale ) { $mce_locale = self::get_mce_locale(); } $mce_translation = self::get_translation(); foreach ( $mce_translation as $name => $value ) { if ( is_array( $value ) ) { $mce_translation[ $name ] = $value[0]; } } /** * Filters translated strings prepared for TinyMCE. * * @since 3.9.0 * * @param array $mce_translation Key/value pairs of strings. * @param string $mce_locale Locale. */ $mce_translation = apply_filters( 'wp_mce_translation', $mce_translation, $mce_locale ); foreach ( $mce_translation as $key => $value ) { // Remove strings that are not translated. if ( $key === $value ) { unset( $mce_translation[ $key ] ); continue; } if ( str_contains( $value, '&' ) ) { $mce_translation[ $key ] = html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } } // Set direction. if ( is_rtl() ) { $mce_translation['_dir'] = 'rtl'; } if ( $json_only ) { return wp_json_encode( $mce_translation ); } $baseurl = self::get_baseurl(); return "tinymce.addI18n( '$mce_locale', " . wp_json_encode( $mce_translation ) . ");\n" . "tinymce.ScriptLoader.markDone( '$baseurl/langs/$mce_locale.js' );\n"; } /** * Force uncompressed TinyMCE when a custom theme has been defined. * * The compressed TinyMCE file cannot deal with custom themes, so this makes * sure that WordPress uses the uncompressed TinyMCE file if a theme is defined. * Even if the website is running on a production environment. * * @since 5.0.0 */ public static function force_uncompressed_tinymce() { $has_custom_theme = false; foreach ( self::$mce_settings as $init ) { if ( ! empty( $init['theme_url'] ) ) { $has_custom_theme = true; break; } } if ( ! $has_custom_theme ) { return; } $wp_scripts = wp_scripts(); $wp_scripts->remove( 'wp-tinymce' ); wp_register_tinymce_scripts( $wp_scripts, true ); } /** * Print (output) the main TinyMCE scripts. * * @since 4.8.0 * * @global bool $concatenate_scripts */ public static function print_tinymce_scripts() { global $concatenate_scripts; if ( self::$tinymce_scripts_printed ) { return; } self::$tinymce_scripts_printed = true; if ( ! isset( $concatenate_scripts ) ) { script_concat_settings(); } wp_print_scripts( array( 'wp-tinymce' ) ); echo "<script type='text/javascript'>\n" . self::wp_mce_translation() . "</script>\n"; } /** * Print (output) the TinyMCE configuration and initialization scripts. * * @since 3.3.0 * * @global string $tinymce_version */ public static function editor_js() { global $tinymce_version; $tmce_on = ! empty( self::$mce_settings ); $mce_init = ''; $qt_init = ''; if ( $tmce_on ) { foreach ( self::$mce_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $mce_init .= "'$editor_id':{$options},"; } $mce_init = '{' . trim( $mce_init, ',' ) . '}'; } else { $mce_init = '{}'; } if ( ! empty( self::$qt_settings ) ) { foreach ( self::$qt_settings as $editor_id => $init ) { $options = self::_parse_init( $init ); $qt_init .= "'$editor_id':{$options},"; } $qt_init = '{' . trim( $qt_init, ',' ) . '}'; } else { $qt_init = '{}'; } $ref = array( 'plugins' => implode( ',', self::$plugins ), 'theme' => 'modern', 'language' => self::$mce_locale, ); $suffix = SCRIPT_DEBUG ? '' : '.min'; $baseurl = self::get_baseurl(); $version = 'ver=' . $tinymce_version; /** * Fires immediately before the TinyMCE settings are printed. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'before_wp_tiny_mce', self::$mce_settings ); ?> <script type="text/javascript"> tinyMCEPreInit = { baseURL: "<?php echo $baseurl; ?>", suffix: "<?php echo $suffix; ?>", <?php if ( self::$drag_drop_upload ) { echo 'dragDropUpload: true,'; } ?> mceInit: <?php echo $mce_init; ?>, qtInit: <?php echo $qt_init; ?>, ref: <?php echo self::_parse_init( $ref ); ?>, load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');} }; </script> <?php if ( $tmce_on ) { self::print_tinymce_scripts(); if ( self::$ext_plugins ) { // Load the old-format English strings to prevent unsightly labels in old style popups. echo "<script type='text/javascript' src='{$baseurl}/langs/wp-langs-en.js?$version'></script>\n"; } } /** * Fires after tinymce.js is loaded, but before any TinyMCE editor * instances are created. * * @since 3.9.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'wp_tiny_mce_init', self::$mce_settings ); ?> <script type="text/javascript"> <?php if ( self::$ext_plugins ) { echo self::$ext_plugins . "\n"; } if ( ! is_admin() ) { echo 'var ajaxurl = "' . admin_url( 'admin-ajax.php', 'relative' ) . '";'; } ?> ( function() { var initialized = []; var initialize = function() { var init, id, inPostbox, $wrap; var readyState = document.readyState; if ( readyState !== 'complete' && readyState !== 'interactive' ) { return; } for ( id in tinyMCEPreInit.mceInit ) { if ( initialized.indexOf( id ) > -1 ) { continue; } init = tinyMCEPreInit.mceInit[id]; $wrap = tinymce.$( '#wp-' + id + '-wrap' ); inPostbox = $wrap.parents( '.postbox' ).length > 0; if ( ! init.wp_skip_init && ( $wrap.hasClass( 'tmce-active' ) || ! tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) && ( readyState === 'complete' || ( ! inPostbox && readyState === 'interactive' ) ) ) { tinymce.init( init ); initialized.push( id ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } } if ( typeof tinymce !== 'undefined' ) { if ( tinymce.Env.ie && tinymce.Env.ie < 11 ) { tinymce.$( '.wp-editor-wrap ' ).removeClass( 'tmce-active' ).addClass( 'html-active' ); } else { if ( document.readyState === 'complete' ) { initialize(); } else { document.addEventListener( 'readystatechange', initialize ); } } } if ( typeof quicktags !== 'undefined' ) { for ( id in tinyMCEPreInit.qtInit ) { quicktags( tinyMCEPreInit.qtInit[id] ); if ( ! window.wpActiveEditor ) { window.wpActiveEditor = id; } } } }()); </script> <?php if ( in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) { self::wp_link_dialog(); } /** * Fires after any core TinyMCE editor instances are created. * * @since 3.2.0 * * @param array $mce_settings TinyMCE settings array. */ do_action( 'after_wp_tiny_mce', self::$mce_settings ); } /** * Outputs the HTML for distraction-free writing mode. * * @since 3.2.0 * @deprecated 4.3.0 */ public static function wp_fullscreen_html() { _deprecated_function( __FUNCTION__, '4.3.0' ); } /** * Performs post queries for internal linking. * * @since 3.1.0 * * @param array $args { * Optional. Array of link query arguments. * * @type int $pagenum Page number. Default 1. * @type string $s Search keywords. * } * @return array|false $results { * An array of associative arrays of query results, false if there are none. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } */ public static function wp_link_query( $args = array() ) { $pts = get_post_types( array( 'public' => true ), 'objects' ); $pt_names = array_keys( $pts ); $query = array( 'post_type' => $pt_names, 'suppress_filters' => true, 'update_post_term_cache' => false, 'update_post_meta_cache' => false, 'post_status' => 'publish', 'posts_per_page' => 20, ); $args['pagenum'] = isset( $args['pagenum'] ) ? absint( $args['pagenum'] ) : 1; if ( isset( $args['s'] ) ) { $query['s'] = $args['s']; } $query['offset'] = $args['pagenum'] > 1 ? $query['posts_per_page'] * ( $args['pagenum'] - 1 ) : 0; /** * Filters the link query arguments. * * Allows modification of the link query arguments before querying. * * @see WP_Query for a full list of arguments * * @since 3.7.0 * * @param array $query An array of WP_Query arguments. */ $query = apply_filters( 'wp_link_query_args', $query ); // Do main query. $get_posts = new WP_Query(); $posts = $get_posts->query( $query ); // Build results. $results = array(); foreach ( $posts as $post ) { if ( 'post' === $post->post_type ) { $info = mysql2date( __( 'Y/m/d' ), $post->post_date ); } else { $info = $pts[ $post->post_type ]->labels->singular_name; } $results[] = array( 'ID' => $post->ID, 'title' => trim( esc_html( strip_tags( get_the_title( $post ) ) ) ), 'permalink' => get_permalink( $post->ID ), 'info' => $info, ); } /** * Filters the link query results. * * Allows modification of the returned link query results. * * @since 3.7.0 * * @see 'wp_link_query_args' filter * * @param array $results { * An array of associative arrays of query results. * * @type array ...$0 { * @type int $ID Post ID. * @type string $title The trimmed, escaped post title. * @type string $permalink Post permalink. * @type string $info A 'Y/m/d'-formatted date for 'post' post type, * the 'singular_name' post type label otherwise. * } * } * @param array $query An array of WP_Query arguments. */ $results = apply_filters( 'wp_link_query', $results, $query ); return ! empty( $results ) ? $results : false; } /** * Dialog for internal linking. * * @since 3.1.0 */ public static function wp_link_dialog() { // Run once. if ( self::$link_dialog_printed ) { return; } self::$link_dialog_printed = true; // `display: none` is required here, see #WP27605. ?> <div id="wp-link-backdrop" style="display: none"></div> <div id="wp-link-wrap" class="wp-core-ui" style="display: none" role="dialog" aria-modal="true" aria-labelledby="link-modal-title"> <form id="wp-link" tabindex="-1"> <?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?> <h1 id="link-modal-title"><?php _e( 'Insert/edit link' ); ?></h1> <button type="button" id="wp-link-close"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Close' ); ?> </span></button> <div id="link-selector"> <div id="link-options"> <p class="howto" id="wplink-enter-url"><?php _e( 'Enter the destination URL' ); ?></p> <div> <label><span><?php _e( 'URL' ); ?></span> <input id="wp-link-url" type="text" aria-describedby="wplink-enter-url" /></label> </div> <div class="wp-link-text-field"> <label><span><?php _e( 'Link Text' ); ?></span> <input id="wp-link-text" type="text" /></label> </div> <div class="link-target"> <label><span></span> <input type="checkbox" id="wp-link-target" /> <?php _e( 'Open link in a new tab' ); ?></label> </div> </div> <p class="howto" id="wplink-link-existing-content"><?php _e( 'Or link to existing content' ); ?></p> <div id="search-panel"> <div class="link-search-wrapper"> <label> <span class="search-label"><?php _e( 'Search' ); ?></span> <input type="search" id="wp-link-search" class="link-search-field" autocomplete="off" aria-describedby="wplink-link-existing-content" /> <span class="spinner"></span> </label> </div> <div id="search-results" class="query-results" tabindex="0"> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> <div id="most-recent-results" class="query-results" tabindex="0"> <div class="query-notice" id="query-notice-message"> <em class="query-notice-default"><?php _e( 'No search term specified. Showing recent items.' ); ?></em> <em class="query-notice-hint screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Search or use up and down arrow keys to select an item.' ); ?> </em> </div> <ul></ul> <div class="river-waiting"> <span class="spinner"></span> </div> </div> </div> </div> <div class="submitbox"> <div id="wp-link-cancel"> <button type="button" class="button"><?php _e( 'Cancel' ); ?></button> </div> <div id="wp-link-update"> <input type="submit" value="<?php esc_attr_e( 'Add Link' ); ?>" class="button button-primary" id="wp-link-submit" name="wp-link-submit"> </div> </div> </form> </div> <?php } } HTTP/https-migration-20260605121529-20260608184148.php 0000666 00000011205 15226703613 0014162 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-encoding-20260605104648.php 0000666 00000015041 15226703613 0013731 0 ustar 00 <?php /** * HTTP API: WP_Http_Encoding class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement deflate and gzip transfer encoding support for HTTP requests. * * Includes RFC 1950, RFC 1951, and RFC 1952. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Http_Encoding { /** * Compress raw string using the deflate format. * * Supports the RFC 1951 standard. * * @since 2.8.0 * * @param string $raw String to compress. * @param int $level Optional. Compression level, 9 is highest. Default 9. * @param string $supports Optional, not used. When implemented it will choose * the right compression based on what the server supports. * @return string|false Compressed string on success, false on failure. */ public static function compress( $raw, $level = 9, $supports = null ) { return gzdeflate( $raw, $level ); } /** * Decompression of deflated string. * * Will attempt to decompress using the RFC 1950 standard, and if that fails * then the RFC 1951 standard deflate will be attempted. Finally, the RFC * 1952 standard gzip decode will be attempted. If all fail, then the * original compressed string will be returned. * * @since 2.8.0 * * @param string $compressed String to decompress. * @param int $length The optional length of the compressed data. * @return string|false Decompressed string on success, false on failure. */ public static function decompress( $compressed, $length = null ) { if ( empty( $compressed ) ) { return $compressed; } $decompressed = @gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = self::compatible_gzinflate( $compressed ); if ( false !== $decompressed ) { return $decompressed; } $decompressed = @gzuncompress( $compressed ); if ( false !== $decompressed ) { return $decompressed; } if ( function_exists( 'gzdecode' ) ) { $decompressed = @gzdecode( $compressed ); if ( false !== $decompressed ) { return $decompressed; } } return $compressed; } /** * Decompression of deflated string while staying compatible with the majority of servers. * * Certain Servers will return deflated data with headers which PHP's gzinflate() * function cannot handle out of the box. The following function has been created from * various snippets on the gzinflate() PHP documentation. * * Warning: Magic numbers within. Due to the potential different formats that the compressed * data may be returned in, some "magic offsets" are needed to ensure proper decompression * takes place. For a simple pragmatic way to determine the magic offset in use, see: * https://core.trac.wordpress.org/ticket/18273 * * @since 2.8.1 * * @link https://core.trac.wordpress.org/ticket/18273 * @link https://www.php.net/manual/en/function.gzinflate.php#70875 * @link https://www.php.net/manual/en/function.gzinflate.php#77336 * * @param string $gz_data String to decompress. * @return string|false Decompressed string on success, false on failure. */ public static function compatible_gzinflate( $gz_data ) { // Compressed data might contain a full header, if so strip it for gzinflate(). if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) { $i = 10; $flg = ord( substr( $gz_data, 3, 1 ) ); if ( $flg > 0 ) { if ( $flg & 4 ) { list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) ); $i = $i + 2 + $xlen; } if ( $flg & 8 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 16 ) { $i = strpos( $gz_data, "\0", $i ) + 1; } if ( $flg & 2 ) { $i = $i + 2; } } $decompressed = @gzinflate( substr( $gz_data, $i, -8 ) ); if ( false !== $decompressed ) { return $decompressed; } } // Compressed data from java.util.zip.Deflater amongst others. $decompressed = @gzinflate( substr( $gz_data, 2 ) ); if ( false !== $decompressed ) { return $decompressed; } return false; } /** * What encoding types to accept and their priority values. * * @since 2.8.0 * * @param string $url * @param array $args * @return string Types of encoding to accept. */ public static function accept_encoding( $url, $args ) { $type = array(); $compression_enabled = self::is_available(); if ( ! $args['decompress'] ) { // Decompression specifically disabled. $compression_enabled = false; } elseif ( $args['stream'] ) { // Disable when streaming to file. $compression_enabled = false; } elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it. $compression_enabled = false; } if ( $compression_enabled ) { if ( function_exists( 'gzinflate' ) ) { $type[] = 'deflate;q=1.0'; } if ( function_exists( 'gzuncompress' ) ) { $type[] = 'compress;q=0.5'; } if ( function_exists( 'gzdecode' ) ) { $type[] = 'gzip;q=0.5'; } } /** * Filters the allowed encoding types. * * @since 3.6.0 * * @param string[] $type Array of what encoding types to accept and their priority values. * @param string $url URL of the HTTP request. * @param array $args HTTP request arguments. */ $type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args ); return implode( ', ', $type ); } /** * What encoding the content used when it was compressed to send in the headers. * * @since 2.8.0 * * @return string Content-Encoding string to send in the header. */ public static function content_encoding() { return 'deflate'; } /** * Whether the content be decoded based on the headers. * * @since 2.8.0 * * @param array|string $headers All of the available headers. * @return bool */ public static function should_decode( $headers ) { if ( is_array( $headers ) ) { if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) { return true; } } elseif ( is_string( $headers ) ) { return ( stripos( $headers, 'content-encoding:' ) !== false ); } return false; } /** * Whether decompression and compression are supported by the PHP version. * * Each function is tested instead of checking for the zlib extension, to * ensure that the functions all exist in the PHP version and aren't * disabled. * * @since 2.8.0 * * @return bool */ public static function is_available() { return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) ); } } HTTP/class-wp-customize-setting-20260605041351.php 0000666 00000072412 15226703613 0014657 0 ustar 00 <?php /** * WordPress Customize Setting classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Setting class. * * Handles saving and sanitizing of settings. * * @since 3.4.0 * * @see WP_Customize_Manager * @link https://developer.wordpress.org/themes/customize-api */ #[AllowDynamicProperties] class WP_Customize_Setting { /** * Customizer bootstrap instance. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Unique string identifier for the setting. * * @since 3.4.0 * @var string */ public $id; /** * Type of customize settings. * * @since 3.4.0 * @var string */ public $type = 'theme_mod'; /** * Capability required to edit this setting. * * @since 3.4.0 * @var string|array */ public $capability = 'edit_theme_options'; /** * Theme features required to support the setting. * * @since 3.4.0 * @var string|string[] */ public $theme_supports = ''; /** * The default value for the setting. * * @since 3.4.0 * @var string */ public $default = ''; /** * Options for rendering the live preview of changes in Customizer. * * Set this value to 'postMessage' to enable a custom JavaScript handler to render changes to this setting * as opposed to reloading the whole page. * * @since 3.4.0 * @var string */ public $transport = 'refresh'; /** * Server-side validation callback for the setting's value. * * @since 4.6.0 * @var callable */ public $validate_callback = ''; /** * Callback to filter a Customize setting value in un-slashed form. * * @since 3.4.0 * @var callable */ public $sanitize_callback = ''; /** * Callback to convert a Customize PHP setting value to a value that is JSON serializable. * * @since 3.4.0 * @var callable */ public $sanitize_js_callback = ''; /** * Whether or not the setting is initially dirty when created. * * This is used to ensure that a setting will be sent from the pane to the * preview when loading the Customizer. Normally a setting only is synced to * the preview if it has been changed. This allows the setting to be sent * from the start. * * @since 4.2.0 * @var bool */ public $dirty = false; /** * ID Data. * * @since 3.4.0 * @var array */ protected $id_data = array(); /** * Whether or not preview() was called. * * @since 4.4.0 * @var bool */ protected $is_previewed = false; /** * Cache of multidimensional values to improve performance. * * @since 4.4.0 * @var array */ protected static $aggregated_multidimensionals = array(); /** * Whether the multidimensional setting is aggregated. * * @since 4.4.0 * @var bool */ protected $is_multidimensional_aggregated = false; /** * Constructor. * * Any supplied $args override class property defaults. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id A specific ID of the setting. * Can be a theme mod or option name. * @param array $args { * Optional. Array of properties for the new Setting object. Default empty array. * * @type string $type Type of the setting. Default 'theme_mod'. * @type string $capability Capability required for the setting. Default 'edit_theme_options' * @type string|string[] $theme_supports Theme features required to support the panel. Default is none. * @type string $default Default value for the setting. Default is empty string. * @type string $transport Options for rendering the live preview of changes in Customizer. * Using 'refresh' makes the change visible by reloading the whole preview. * Using 'postMessage' allows a custom JavaScript to handle live changes. * Default is 'refresh'. * @type callable $validate_callback Server-side validation callback for the setting's value. * @type callable $sanitize_callback Callback to filter a Customize setting value in un-slashed form. * @type callable $sanitize_js_callback Callback to convert a Customize PHP setting value to a value that is * JSON serializable. * @type bool $dirty Whether or not the setting is initially dirty when created. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; // Parse the ID for array keys. $this->id_data['keys'] = preg_split( '/\[/', str_replace( ']', '', $this->id ) ); $this->id_data['base'] = array_shift( $this->id_data['keys'] ); // Rebuild the ID. $this->id = $this->id_data['base']; if ( ! empty( $this->id_data['keys'] ) ) { $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']'; } if ( $this->validate_callback ) { add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 ); } if ( $this->sanitize_callback ) { add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2 ); } if ( $this->sanitize_js_callback ) { add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 ); } if ( 'option' === $this->type || 'theme_mod' === $this->type ) { // Other setting types can opt-in to aggregate multidimensional explicitly. $this->aggregate_multidimensional(); // Allow option settings to indicate whether they should be autoloaded. if ( 'option' === $this->type && isset( $args['autoload'] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] = $args['autoload']; } } } /** * Get parsed ID data for multidimensional setting. * * @since 4.4.0 * * @return array { * ID data for multidimensional setting. * * @type string $base ID base * @type array $keys Keys for multidimensional array. * } */ final public function id_data() { return $this->id_data; } /** * Set up the setting for aggregated multidimensional values. * * When a multidimensional setting gets aggregated, all of its preview and update * calls get combined into one call, greatly improving performance. * * @since 4.4.0 */ protected function aggregate_multidimensional() { $id_base = $this->id_data['base']; if ( ! isset( self::$aggregated_multidimensionals[ $this->type ] ) ) { self::$aggregated_multidimensionals[ $this->type ] = array(); } if ( ! isset( self::$aggregated_multidimensionals[ $this->type ][ $id_base ] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $id_base ] = array( 'previewed_instances' => array(), // Calling preview() will add the $setting to the array. 'preview_applied_instances' => array(), // Flags for which settings have had their values applied. 'root_value' => $this->get_root_value( array() ), // Root value for initial state, manipulated by preview and update calls. ); } if ( ! empty( $this->id_data['keys'] ) ) { // Note the preview-applied flag is cleared at priority 9 to ensure it is cleared before a deferred-preview runs. add_action( "customize_post_value_set_{$this->id}", array( $this, '_clear_aggregated_multidimensional_preview_applied_flag' ), 9 ); $this->is_multidimensional_aggregated = true; } } /** * Reset `$aggregated_multidimensionals` static variable. * * This is intended only for use by unit tests. * * @since 4.5.0 * @ignore */ public static function reset_aggregated_multidimensionals() { self::$aggregated_multidimensionals = array(); } /** * The ID for the current site when the preview() method was called. * * @since 4.2.0 * @var int */ protected $_previewed_blog_id; /** * Return true if the current site is not the same as the previewed site. * * @since 4.2.0 * * @return bool If preview() has been called. */ public function is_current_blog_previewed() { if ( ! isset( $this->_previewed_blog_id ) ) { return false; } return ( get_current_blog_id() === $this->_previewed_blog_id ); } /** * Original non-previewed value stored by the preview method. * * @see WP_Customize_Setting::preview() * @since 4.1.1 * @var mixed */ protected $_original_value; /** * Add filters to supply the setting's value when accessed. * * If the setting already has a pre-existing value and there is no incoming * post value for the setting, then this method will short-circuit since * there is no change to preview. * * @since 3.4.0 * @since 4.4.0 Added boolean return value. * * @return bool False when preview short-circuits due no change needing to be previewed. */ public function preview() { if ( ! isset( $this->_previewed_blog_id ) ) { $this->_previewed_blog_id = get_current_blog_id(); } // Prevent re-previewing an already-previewed setting. if ( $this->is_previewed ) { return true; } $id_base = $this->id_data['base']; $is_multidimensional = ! empty( $this->id_data['keys'] ); $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); /* * Check if the setting has a pre-existing value (an isset check), * and if doesn't have any incoming post value. If both checks are true, * then the preview short-circuits because there is nothing that needs * to be previewed. */ $undefined = new stdClass(); $needs_preview = ( $undefined !== $this->post_value( $undefined ) ); $value = null; // Since no post value was defined, check if we have an initial value set. if ( ! $needs_preview ) { if ( $this->is_multidimensional_aggregated ) { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root, $this->id_data['keys'], $undefined ); } else { $default = $this->default; $this->default = $undefined; // Temporarily set default to undefined so we can detect if existing value is set. $value = $this->value(); $this->default = $default; } $needs_preview = ( $undefined === $value ); // Because the default needs to be supplied. } // If the setting does not need previewing now, defer to when it has a value to preview. if ( ! $needs_preview ) { if ( ! has_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ) ) { add_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ); } return false; } switch ( $this->type ) { case 'theme_mod': if ( ! $is_multidimensional ) { add_filter( "theme_mod_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add this filter once for this ID base. add_filter( "theme_mod_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; case 'option': if ( ! $is_multidimensional ) { add_filter( "pre_option_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add these filters once for this ID base. add_filter( "option_{$id_base}", $multidimensional_filter ); add_filter( "default_option_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; default: /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->id}", $this ); /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the setting type. * * @since 4.1.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->type}", $this ); } $this->is_previewed = true; return true; } /** * Clear out the previewed-applied flag for a multidimensional-aggregated value whenever its post value is updated. * * This ensures that the new value will get sanitized and used the next time * that `WP_Customize_Setting::_multidimensional_preview_filter()` * is called for this setting. * * @since 4.4.0 * * @see WP_Customize_Manager::set_post_value() * @see WP_Customize_Setting::_multidimensional_preview_filter() */ final public function _clear_aggregated_multidimensional_preview_applied_flag() { unset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['preview_applied_instances'][ $this->id ] ); } /** * Callback function to filter non-multidimensional theme mods and options. * * If switch_to_blog() was called after the preview() method, and the current * site is now not the same site, then this method does a no-op and returns * the original value. * * @since 3.4.0 * * @param mixed $original Old value. * @return mixed New or old value. */ public function _preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $undefined = new stdClass(); // Symbol hack. $post_value = $this->post_value( $undefined ); if ( $undefined !== $post_value ) { $value = $post_value; } else { /* * Note that we don't use $original here because preview() will * not add the filter in the first place if it has an initial value * and there is no post value. */ $value = $this->default; } return $value; } /** * Callback function to filter multidimensional theme mods and options. * * For all multidimensional settings of a given type, the preview filter for * the first setting previewed will be used to apply the values for the others. * * @since 4.4.0 * * @see WP_Customize_Setting::$aggregated_multidimensionals * @param mixed $original Original root value. * @return mixed New or old value. */ final public function _multidimensional_preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $id_base = $this->id_data['base']; // If no settings have been previewed yet (which should not be the case, since $this is), just pass through the original value. if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { return $original; } foreach ( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] as $previewed_setting ) { // Skip applying previewed value for any settings that have already been applied. if ( ! empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] ) ) { continue; } // Do the replacements of the posted/default sub value into the root value. $value = $previewed_setting->post_value( $previewed_setting->default ); $root = self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value']; $root = $previewed_setting->multidimensional_replace( $root, $previewed_setting->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value'] = $root; // Mark this setting having been applied so that it will be skipped when the filter is called again. self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] = true; } return self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; } /** * Checks user capabilities and theme supports, and then saves * the value of the setting. * * @since 3.4.0 * * @return void|false Void on success, false if cap check fails * or value isn't set or is invalid. */ final public function save() { $value = $this->post_value(); if ( ! $this->check_capabilities() || ! isset( $value ) ) { return false; } $id_base = $this->id_data['base']; /** * Fires when the WP_Customize_Setting::save() method is called. * * The dynamic portion of the hook name, `$id_base` refers to * the base slug of the setting name. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_save_{$id_base}", $this ); $this->update( $value ); } /** * Fetch and sanitize the $_POST value for the setting. * * During a save request prior to save, post_value() provides the new value while value() does not. * * @since 3.4.0 * * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The default value on failure, otherwise the sanitized and validated value. */ final public function post_value( $default_value = null ) { return $this->manager->post_value( $this, $default_value ); } /** * Sanitize an input. * * @since 3.4.0 * * @param string|array $value The value to sanitize. * @return string|array|null|WP_Error Sanitized value, or `null`/`WP_Error` if invalid. */ public function sanitize( $value ) { /** * Filters a Customize setting value in un-slashed form. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } /** * Validates an input. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * * @param mixed $value Value to validate. * @return true|WP_Error True if the input was validated, otherwise WP_Error. */ public function validate( $value ) { if ( is_wp_error( $value ) ) { return $value; } if ( is_null( $value ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validity = new WP_Error(); /** * Validates a Customize setting value. * * Plugins should amend the `$validity` object via its `WP_Error::add()` method. * * The dynamic portion of the hook name, `$this->ID`, refers to the setting ID. * * @since 4.6.0 * * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $validity = apply_filters( "customize_validate_{$this->id}", $validity, $value, $this ); if ( is_wp_error( $validity ) && ! $validity->has_errors() ) { $validity = true; } return $validity; } /** * Get the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $default_value Value to return if root does not exist. * @return mixed */ protected function get_root_value( $default_value = null ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { return get_option( $id_base, $default_value ); } elseif ( 'theme_mod' === $this->type ) { return get_theme_mod( $id_base, $default_value ); } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return $default_value; } } /** * Set the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $value Value to set as root of multidimensional setting. * @return bool Whether the multidimensional root was updated successfully. */ protected function set_root_value( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { $autoload = true; if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; } return update_option( $id_base, $value, $autoload ); } elseif ( 'theme_mod' === $this->type ) { set_theme_mod( $id_base, $value ); return true; } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return false; } } /** * Save the value of the setting, using the related API. * * @since 3.4.0 * * @param mixed $value The value to update. * @return bool The result of saving the value. */ protected function update( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type || 'theme_mod' === $this->type ) { if ( ! $this->is_multidimensional_aggregated ) { return $this->set_root_value( $value ); } else { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $root = $this->multidimensional_replace( $root, $this->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value'] = $root; return $this->set_root_value( $root ); } } else { /** * Fires when the WP_Customize_Setting::update() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the type of setting. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_update_{$this->type}", $value, $this ); return has_action( "customize_update_{$this->type}" ); } } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_theme_mod() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_option() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Fetch the value of the setting. * * @since 3.4.0 * * @return mixed The value. */ public function value() { $id_base = $this->id_data['base']; $is_core_type = ( 'option' === $this->type || 'theme_mod' === $this->type ); if ( ! $is_core_type && ! $this->is_multidimensional_aggregated ) { // Use post value if previewed and a post value is present. if ( $this->is_previewed ) { $value = $this->post_value( null ); if ( null !== $value ) { return $value; } } $value = $this->get_root_value( $this->default ); /** * Filters a Customize setting value not handled as a theme_mod or option. * * The dynamic portion of the hook name, `$id_base`, refers to * the base slug of the setting name, initialized from `$this->id_data['base']`. * * For settings handled as theme_mods or options, see those corresponding * functions for available hooks. * * @since 3.4.0 * @since 4.6.0 Added the `$this` setting instance as the second parameter. * * @param mixed $default_value The setting default value. Default empty. * @param WP_Customize_Setting $setting The setting instance. */ $value = apply_filters( "customize_value_{$id_base}", $value, $this ); } elseif ( $this->is_multidimensional_aggregated ) { $root_value = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root_value, $this->id_data['keys'], $this->default ); // Ensure that the post value is used if the setting is previewed, since preview filters aren't applying on cached $root_value. if ( $this->is_previewed ) { $value = $this->post_value( $value ); } } else { $value = $this->get_root_value( $this->default ); } return $value; } /** * Sanitize the setting's value for use in JavaScript. * * @since 3.4.0 * * @return mixed The requested escaped value. */ public function js_value() { /** * Filters a Customize setting value for use in JavaScript. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param mixed $value The setting value. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $value = apply_filters( "customize_sanitize_js_{$this->id}", $this->value(), $this ); if ( is_string( $value ) ) { return html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } return $value; } /** * Retrieves the data to export to the client via JSON. * * @since 4.6.0 * * @return array Array of parameters passed to JavaScript. */ public function json() { return array( 'value' => $this->js_value(), 'transport' => $this->transport, 'dirty' => $this->dirty, 'type' => $this->type, ); } /** * Validate user capabilities whether the theme supports the setting. * * @since 3.4.0 * * @return bool False if theme doesn't support the setting or user can't change setting, otherwise true. */ final public function check_capabilities() { if ( $this->capability && ! current_user_can( $this->capability ) ) { return false; } if ( $this->theme_supports && ! current_theme_supports( ...(array) $this->theme_supports ) ) { return false; } return true; } /** * Multidimensional helper function. * * @since 3.4.0 * * @param array $root * @param array $keys * @param bool $create Default false. * @return array|void Keys are 'root', 'node', and 'key'. */ final protected function multidimensional( &$root, $keys, $create = false ) { if ( $create && empty( $root ) ) { $root = array(); } if ( ! isset( $root ) || empty( $keys ) ) { return; } $last = array_pop( $keys ); $node = &$root; foreach ( $keys as $key ) { if ( $create && ! isset( $node[ $key ] ) ) { $node[ $key ] = array(); } if ( ! is_array( $node ) || ! isset( $node[ $key ] ) ) { return; } $node = &$node[ $key ]; } if ( $create ) { if ( ! is_array( $node ) ) { // Account for an array overriding a string or object value. $node = array(); } if ( ! isset( $node[ $last ] ) ) { $node[ $last ] = array(); } } if ( ! isset( $node[ $last ] ) ) { return; } return array( 'root' => &$root, 'node' => &$node, 'key' => $last, ); } /** * Will attempt to replace a specific value in a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $value The value to update. * @return mixed */ final protected function multidimensional_replace( $root, $keys, $value ) { if ( ! isset( $value ) ) { return $root; } elseif ( empty( $keys ) ) { // If there are no keys, we're replacing the root. return $value; } $result = $this->multidimensional( $root, $keys, true ); if ( isset( $result ) ) { $result['node'][ $result['key'] ] = $value; } return $root; } /** * Will attempt to fetch a specific value from a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The requested value or the default value. */ final protected function multidimensional_get( $root, $keys, $default_value = null ) { if ( empty( $keys ) ) { // If there are no keys, test the root. return isset( $root ) ? $root : $default_value; } $result = $this->multidimensional( $root, $keys ); return isset( $result ) ? $result['node'][ $result['key'] ] : $default_value; } /** * Will attempt to check if a specific value in a multidimensional array is set. * * @since 3.4.0 * * @param array $root * @param array $keys * @return bool True if value is set, false if not. */ final protected function multidimensional_isset( $root, $keys ) { $result = $this->multidimensional_get( $root, $keys ); return isset( $result ); } } /** * WP_Customize_Filter_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; /** * WP_Customize_Header_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; /** * WP_Customize_Background_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; /** * WP_Customize_Nav_Menu_Item_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; /** * WP_Customize_Nav_Menu_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; HTTP/https-detection-20260606081222-20260609192004.php 0000666 00000013341 15226703613 0014135 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/Psr18Client-20260605075128.php 0000666 00000010537 15226703613 0011520 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-detection-20260605145758-20260610104127.php 0000666 00000013341 15226703613 0014142 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606162754-20260608183807.php 0000666 00000011205 15226703613 0014171 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605101028-20260609183424.php 0000666 00000011205 15226703613 0014147 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605100735-20260608080308.php 0000666 00000013341 15226703613 0014137 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605222822.php 0000666 00000011205 15226703613 0012561 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605145451.php 0000666 00000013341 15226703613 0012553 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260605100953-20260610205431.php 0000666 00000011205 15226703613 0014136 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/class-wp-http-20260605063732.php 0000666 00000121142 15226703613 0012143 0 ustar 00 <?php /** * HTTP API: WP_Http class * * @package WordPress * @subpackage HTTP * @since 2.7.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) { require ABSPATH . WPINC . '/Requests/src/Autoload.php'; WpOrg\Requests\Autoload::register(); WpOrg\Requests\Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); } /** * Core class used for managing HTTP transports and making HTTP requests. * * This class is used to consistently make outgoing HTTP requests easy for developers * while still being compatible with the many PHP configurations under which * WordPress runs. * * Debugging includes several actions, which pass different variables for debugging the HTTP API. * * @since 2.7.0 */ #[AllowDynamicProperties] class WP_Http { // Aliases for HTTP response codes. const HTTP_CONTINUE = 100; const SWITCHING_PROTOCOLS = 101; const PROCESSING = 102; const EARLY_HINTS = 103; const OK = 200; const CREATED = 201; const ACCEPTED = 202; const NON_AUTHORITATIVE_INFORMATION = 203; const NO_CONTENT = 204; const RESET_CONTENT = 205; const PARTIAL_CONTENT = 206; const MULTI_STATUS = 207; const IM_USED = 226; const MULTIPLE_CHOICES = 300; const MOVED_PERMANENTLY = 301; const FOUND = 302; const SEE_OTHER = 303; const NOT_MODIFIED = 304; const USE_PROXY = 305; const RESERVED = 306; const TEMPORARY_REDIRECT = 307; const PERMANENT_REDIRECT = 308; const BAD_REQUEST = 400; const UNAUTHORIZED = 401; const PAYMENT_REQUIRED = 402; const FORBIDDEN = 403; const NOT_FOUND = 404; const METHOD_NOT_ALLOWED = 405; const NOT_ACCEPTABLE = 406; const PROXY_AUTHENTICATION_REQUIRED = 407; const REQUEST_TIMEOUT = 408; const CONFLICT = 409; const GONE = 410; const LENGTH_REQUIRED = 411; const PRECONDITION_FAILED = 412; const REQUEST_ENTITY_TOO_LARGE = 413; const REQUEST_URI_TOO_LONG = 414; const UNSUPPORTED_MEDIA_TYPE = 415; const REQUESTED_RANGE_NOT_SATISFIABLE = 416; const EXPECTATION_FAILED = 417; const IM_A_TEAPOT = 418; const MISDIRECTED_REQUEST = 421; const UNPROCESSABLE_ENTITY = 422; const LOCKED = 423; const FAILED_DEPENDENCY = 424; const TOO_EARLY = 425; const UPGRADE_REQUIRED = 426; const PRECONDITION_REQUIRED = 428; const TOO_MANY_REQUESTS = 429; const REQUEST_HEADER_FIELDS_TOO_LARGE = 431; const UNAVAILABLE_FOR_LEGAL_REASONS = 451; const INTERNAL_SERVER_ERROR = 500; const NOT_IMPLEMENTED = 501; const BAD_GATEWAY = 502; const SERVICE_UNAVAILABLE = 503; const GATEWAY_TIMEOUT = 504; const HTTP_VERSION_NOT_SUPPORTED = 505; const VARIANT_ALSO_NEGOTIATES = 506; const INSUFFICIENT_STORAGE = 507; const NOT_EXTENDED = 510; const NETWORK_AUTHENTICATION_REQUIRED = 511; /** * Send an HTTP request to a URI. * * Please note: The only URI that are supported in the HTTP Transport implementation * are the HTTP and HTTPS protocols. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args { * Optional. Array or string of HTTP request arguments. * * @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', * 'TRACE', 'OPTIONS', or 'PATCH'. * Some transports technically allow others, but should not be * assumed. Default 'GET'. * @type float $timeout How long the connection should stay open in seconds. Default 5. * @type int $redirection Number of allowed redirects. Not supported by all transports. * Default 5. * @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'. * Default '1.0'. * @type string $user-agent User-agent value sent. * Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ). * @type bool $reject_unsafe_urls Whether to pass URLs through wp_http_validate_url(). * Default false. * @type bool $blocking Whether the calling code requires the result of the request. * If set to false, the request will be sent to the remote server, * and processing returned to the calling code immediately, the caller * will know if the request succeeded or failed, but will not receive * any response from the remote server. Default true. * @type string|array $headers Array or string of headers to send with the request. * Default empty array. * @type array $cookies List of cookies to send with the request. Default empty array. * @type string|array $body Body to send with the request. Default null. * @type bool $compress Whether to compress the $body when sending the request. * Default false. * @type bool $decompress Whether to decompress a compressed response. If set to false and * compressed content is returned in the response anyway, it will * need to be separately decompressed. Default true. * @type bool $sslverify Whether to verify SSL for the request. Default true. * @type string $sslcertificates Absolute path to an SSL certificate .crt file. * Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'. * @type bool $stream Whether to stream to a file. If set to true and no filename was * given, it will be dropped it in the WP temp dir and its name will * be set using the basename of the URL. Default false. * @type string $filename Filename of the file to write to when streaming. $stream must be * set to true. Default null. * @type int $limit_response_size Size in bytes to limit the response to. Default null. * * } * @return array|WP_Error { * Array of response data, or a WP_Error instance upon error. * * @type \WpOrg\Requests\Utility\CaseInsensitiveDictionary $headers Response headers keyed by name. * @type string $body Response body. * @type array $response { * Array of HTTP response data. * * @type int|false $code HTTP response status code. * @type string|false $message HTTP response message. * } * @type WP_HTTP_Cookie[] $cookies Array of cookies set by the server. * @type string|null $filename Optional. Filename of the response. * @type WP_HTTP_Requests_Response|null $http_response Response object. * } */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', /** * Filters the timeout value for an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param float $timeout_value Time in seconds until a request times out. Default 5. * @param string $url The request URL. */ 'timeout' => apply_filters( 'http_request_timeout', 5, $url ), /** * Filters the number of redirects allowed during an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param int $redirect_count Number of redirects allowed. Default 5. * @param string $url The request URL. */ 'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ), /** * Filters the version of the HTTP protocol used in a request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'. * @param string $url The request URL. */ 'httpversion' => apply_filters( 'http_request_version', '1.0', $url ), /** * Filters the user agent value sent with an HTTP request. * * @since 2.7.0 * @since 5.1.0 The `$url` parameter was added. * * @param string $user_agent WordPress user agent string. * @param string $url The request URL. */ 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ), /** * Filters whether to pass URLs through wp_http_validate_url() in an HTTP request. * * @since 3.6.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false. * @param string $url The request URL. */ 'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null, ); // Pre-parse for the HEAD checks. $args = wp_parse_args( $args ); // By default, HEAD requests do not cause redirections. if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) { $defaults['redirection'] = 0; } $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in an HTTP request. * * @since 2.7.0 * * @param array $parsed_args An array of HTTP request arguments. * @param string $url The request URL. */ $parsed_args = apply_filters( 'http_request_args', $parsed_args, $url ); // The transports decrement this, store a copy of the original value for loop purposes. if ( ! isset( $parsed_args['_redirection'] ) ) { $parsed_args['_redirection'] = $parsed_args['redirection']; } /** * Filters the preemptive return value of an HTTP request. * * Returning a non-false value from the filter will short-circuit the HTTP request and return * early with that value. A filter should return one of: * * - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements * - A WP_Error instance * - Boolean false to avoid short-circuiting the response * * Returning any other value may result in unexpected behavior. * * @since 2.9.0 * * @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ $pre = apply_filters( 'pre_http_request', false, $parsed_args, $url ); if ( false !== $pre ) { return $pre; } if ( function_exists( 'wp_kses_bad_protocol' ) ) { if ( $parsed_args['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } } $parsed_url = parse_url( $url ); if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) { $response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } if ( $this->block_request( $url ) ) { $response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } // If we are streaming to a file but no filename was given drop it in the WP temp dir // and pick its name using the basename of the $url. if ( $parsed_args['stream'] ) { if ( empty( $parsed_args['filename'] ) ) { $parsed_args['filename'] = get_temp_dir() . basename( $url ); } // Force some settings if we are streaming to a file and check for existence // and perms of destination directory. $parsed_args['blocking'] = true; if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) { $response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); return $response; } } if ( is_null( $parsed_args['headers'] ) ) { $parsed_args['headers'] = array(); } // WP allows passing in headers as a string, weirdly. if ( ! is_array( $parsed_args['headers'] ) ) { $processed_headers = self::processHeaders( $parsed_args['headers'] ); $parsed_args['headers'] = $processed_headers['headers']; } // Setup arguments. $headers = $parsed_args['headers']; $data = $parsed_args['body']; $type = $parsed_args['method']; $options = array( 'timeout' => $parsed_args['timeout'], 'useragent' => $parsed_args['user-agent'], 'blocking' => $parsed_args['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ), ); // Ensure redirects follow browser behavior. $options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) ); // Validate redirected URLs. if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) { $options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) ); } if ( $parsed_args['stream'] ) { $options['filename'] = $parsed_args['filename']; } if ( empty( $parsed_args['redirection'] ) ) { $options['follow_redirects'] = false; } else { $options['redirects'] = $parsed_args['redirection']; } // Use byte limit, if we can. if ( isset( $parsed_args['limit_response_size'] ) ) { $options['max_bytes'] = $parsed_args['limit_response_size']; } // If we've got cookies, use and convert them to WpOrg\Requests\Cookie. if ( ! empty( $parsed_args['cookies'] ) ) { $options['cookies'] = self::normalize_cookies( $parsed_args['cookies'] ); } // SSL certificate handling. if ( ! $parsed_args['sslverify'] ) { $options['verify'] = false; $options['verifyname'] = false; } else { $options['verify'] = $parsed_args['sslcertificates']; } // All non-GET/HEAD requests should put the arguments in the form body. if ( 'HEAD' !== $type && 'GET' !== $type ) { $options['data_format'] = 'body'; } /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url ); // Check for proxies. $proxy = new WP_HTTP_Proxy(); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() ); if ( $proxy->use_authentication() ) { $options['proxy']->use_authentication = true; $options['proxy']->user = $proxy->username(); $options['proxy']->pass = $proxy->password(); } } // Avoid issues where mbstring.func_overload is enabled. mbstring_binary_safe_encoding(); try { $requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options ); // Convert the response into an array. $http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] ); $response = $http_response->to_array(); // Add the original object to the array. $response['http_response'] = $http_response; } catch ( WpOrg\Requests\Exception $e ) { $response = new WP_Error( 'http_request_failed', $e->getMessage() ); } reset_mbstring_encoding(); /** * Fires after an HTTP API response is received and before the response is returned. * * @since 2.8.0 * * @param array|WP_Error $response HTTP response or WP_Error object. * @param string $context Context under which the hook is fired. * @param string $class HTTP transport used. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url ); if ( is_wp_error( $response ) ) { return $response; } if ( ! $parsed_args['blocking'] ) { return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), 'http_response' => null, ); } /** * Filters a successful HTTP API response immediately before the response is returned. * * @since 2.9.0 * * @param array $response HTTP response. * @param array $parsed_args HTTP request arguments. * @param string $url The request URL. */ return apply_filters( 'http_response', $response, $parsed_args, $url ); } /** * Normalizes cookies for using in Requests. * * @since 4.6.0 * * @param array $cookies Array of cookies to send with the request. * @return WpOrg\Requests\Cookie\Jar Cookie holder object. */ public static function normalize_cookies( $cookies ) { $cookie_jar = new WpOrg\Requests\Cookie\Jar(); foreach ( $cookies as $name => $value ) { if ( $value instanceof WP_Http_Cookie ) { $attributes = array_filter( $value->get_attributes(), static function ( $attr ) { return null !== $attr; } ); $cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) ); } elseif ( is_scalar( $value ) ) { $cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value ); } } return $cookie_jar; } /** * Match redirect behavior to browser handling. * * Changes 302 redirects from POST to GET to match browser handling. Per * RFC 7231, user agents can deviate from the strict reading of the * specification for compatibility purposes. * * @since 4.6.0 * * @param string $location URL to redirect to. * @param array $headers Headers for the redirect. * @param string|array $data Body to send with the request. * @param array $options Redirect request options. * @param WpOrg\Requests\Response $original Response object. */ public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { // Browser compatibility. if ( 302 === $original->status_code ) { $options['type'] = WpOrg\Requests\Requests::GET; } } /** * Validate redirected URLs. * * @since 4.7.5 * * @throws WpOrg\Requests\Exception On unsuccessful URL validation. * @param string $location URL to redirect to. */ public static function validate_redirects( $location ) { if ( ! wp_http_validate_url( $location ) ) { throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' ); } } /** * Tests which transports are capable of supporting the request. * * @since 3.2.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * @see WpOrg\Requests\Requests::get_transport_class() * * @param array $args Request arguments. * @param string $url URL to request. * @return string|false Class name for the first transport that claims to support the request. * False if no transport claims to support the request. */ public function _get_first_available_transport( $args, $url = null ) { $transports = array( 'curl', 'streams' ); /** * Filters which HTTP transports are available and in what order. * * @since 3.7.0 * @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class() * * @param string[] $transports Array of HTTP transports to check. Default array contains * 'curl' and 'streams', in that order. * @param array $args HTTP request arguments. * @param string $url The URL to request. */ $request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' ); // Loop over each transport on each HTTP request looking for one which will serve this request's needs. foreach ( $request_order as $transport ) { if ( in_array( $transport, $transports, true ) ) { $transport = ucfirst( $transport ); } $class = 'WP_Http_' . $transport; // Check to see if this transport is a possibility, calls the transport statically. if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) { continue; } return $class; } return false; } /** * Dispatches a HTTP request to a supporting transport. * * Tests each transport in order to find a transport which matches the request arguments. * Also caches the transport instance to be used later. * * The order for requests is cURL, and then PHP Streams. * * @since 3.2.0 * @deprecated 5.1.0 Use WP_Http::request() * @see WP_Http::request() * * @param string $url URL to request. * @param array $args Request arguments. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. */ private function _dispatch_request( $url, $args ) { static $transports = array(); $class = $this->_get_first_available_transport( $args, $url ); if ( ! $class ) { return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) ); } // Transport claims to support request, instantiate it and give it a whirl. if ( empty( $transports[ $class ] ) ) { $transports[ $class ] = new $class(); } $response = $transports[ $class ]->request( $url, $args ); /** This action is documented in wp-includes/class-wp-http.php */ do_action( 'http_api_debug', $response, 'response', $class, $args, $url ); if ( is_wp_error( $response ) ) { return $response; } /** This filter is documented in wp-includes/class-wp-http.php */ return apply_filters( 'http_response', $response, $args, $url ); } /** * Uses the POST HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function post( $url, $args = array() ) { $defaults = array( 'method' => 'POST' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the GET HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function get( $url, $args = array() ) { $defaults = array( 'method' => 'GET' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Uses the HEAD HTTP method. * * Used for sending data that is expected to be in the body. * * @since 2.7.0 * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. * A WP_Error instance upon error. See WP_Http::response() for details. */ public function head( $url, $args = array() ) { $defaults = array( 'method' => 'HEAD' ); $parsed_args = wp_parse_args( $args, $defaults ); return $this->request( $url, $parsed_args ); } /** * Parses the responses and splits the parts into headers and body. * * @since 2.7.0 * * @param string $response The full response string. * @return array { * Array with response headers and body. * * @type string $headers HTTP response headers. * @type string $body HTTP response body. * } */ public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid $response = explode( "\r\n\r\n", $response, 2 ); return array( 'headers' => $response[0], 'body' => isset( $response[1] ) ? $response[1] : '', ); } /** * Transforms header string into an array. * * @since 2.7.0 * * @param string|array $headers The original headers. If a string is passed, it will be converted * to an array. If an array is passed, then it is assumed to be * raw header data with numeric keys with the headers as the values. * No headers must be passed that were already processed. * @param string $url Optional. The URL that was requested. Default empty. * @return array { * Processed string headers. If duplicate headers are encountered, * then a numbered array is returned as the value of that header-key. * * @type array $response { * @type int $code The response status code. Default 0. * @type string $message The response message. Default empty. * } * @type array $newheaders The processed header data as a multidimensional array. * @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key, * an array containing `WP_Http_Cookie` objects is returned. * } */ public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // Split headers, one per array element. if ( is_string( $headers ) ) { // Tolerate line terminator: CRLF = LF (RFC 2616 19.3). $headers = str_replace( "\r\n", "\n", $headers ); /* * Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, * <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2). */ $headers = preg_replace( '/\n[ \t]/', ' ', $headers ); // Create the headers array. $headers = explode( "\n", $headers ); } $response = array( 'code' => 0, 'message' => '', ); /* * If a redirection has taken place, The headers for each page request may have been passed. * In this case, determine the final HTTP header and parse from there. */ for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) { if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) { $headers = array_splice( $headers, $i ); break; } } $cookies = array(); $newheaders = array(); foreach ( (array) $headers as $tempheader ) { if ( empty( $tempheader ) ) { continue; } if ( ! str_contains( $tempheader, ':' ) ) { $stack = explode( ' ', $tempheader, 3 ); $stack[] = ''; list( , $response['code'], $response['message']) = $stack; continue; } list($key, $value) = explode( ':', $tempheader, 2 ); $key = strtolower( $key ); $value = trim( $value ); if ( isset( $newheaders[ $key ] ) ) { if ( ! is_array( $newheaders[ $key ] ) ) { $newheaders[ $key ] = array( $newheaders[ $key ] ); } $newheaders[ $key ][] = $value; } else { $newheaders[ $key ] = $value; } if ( 'set-cookie' === $key ) { $cookies[] = new WP_Http_Cookie( $value, $url ); } } // Cast the Response Code to an int. $response['code'] = (int) $response['code']; return array( 'response' => $response, 'headers' => $newheaders, 'cookies' => $cookies, ); } /** * Takes the arguments for a ::request() and checks for the cookie array. * * If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances, * which are each parsed into strings and added to the Cookie: header (within the arguments array). * Edits the array by reference. * * @since 2.8.0 * * @param array $r Full array of args passed into ::request() */ public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid if ( ! empty( $r['cookies'] ) ) { // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances. foreach ( $r['cookies'] as $name => $value ) { if ( ! is_object( $value ) ) { $r['cookies'][ $name ] = new WP_Http_Cookie( array( 'name' => $name, 'value' => $value, ) ); } } $cookies_header = ''; foreach ( (array) $r['cookies'] as $cookie ) { $cookies_header .= $cookie->getHeaderValue() . '; '; } $cookies_header = substr( $cookies_header, 0, -2 ); $r['headers']['cookie'] = $cookies_header; } } /** * Decodes chunk transfer-encoding, based off the HTTP 1.1 specification. * * Based off the HTTP http_encoding_dechunk function. * * @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding. * * @since 2.7.0 * * @param string $body Body content. * @return string Chunked decoded body on success or raw body on failure. */ public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid // The body is not chunked encoded or is malformed. if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) { return $body; } $parsed_body = ''; // We'll be altering $body, so need a backup in case of error. $body_original = $body; while ( true ) { $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); if ( ! $has_chunk || empty( $match[1] ) ) { return $body_original; } $length = hexdec( $match[1] ); $chunk_length = strlen( $match[0] ); // Parse out the chunk of data. $parsed_body .= substr( $body, $chunk_length, $length ); // Remove the chunk from the raw data. $body = substr( $body, $length + $chunk_length ); // End of the document. if ( '0' === trim( $body ) ) { return $parsed_body; } } } /** * Determines whether an HTTP API request to the given URL should be blocked. * * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will * prevent plugins from working and core functionality, if you don't include `api.wordpress.org`. * * You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php` * file and this will only allow localhost and your site to make requests. The constant * `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the * `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains * are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted. * * @since 2.8.0 * * @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS * * @param string $uri URI of url. * @return bool True to block, false to allow. */ public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } } /** * Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7. * * @deprecated 4.4.0 Use wp_parse_url() * @see wp_parse_url() * * @param string $url The URL to parse. * @return bool|array False on failure; Array of URL components on success; * See parse_url()'s return values. */ protected static function parse_url( $url ) { _deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' ); return wp_parse_url( $url ); } /** * Converts a relative URL to an absolute URL relative to a given URL. * * If an Absolute URL is provided, no processing of that URL is done. * * @since 3.4.0 * * @param string $maybe_relative_path The URL which might be relative. * @param string $url The URL which $maybe_relative_path is relative to. * @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned. */ public static function make_absolute_url( $maybe_relative_path, $url ) { if ( empty( $url ) ) { return $maybe_relative_path; } $url_parts = wp_parse_url( $url ); if ( ! $url_parts ) { return $maybe_relative_path; } $relative_url_parts = wp_parse_url( $maybe_relative_path ); if ( ! $relative_url_parts ) { return $maybe_relative_path; } // Check for a scheme on the 'relative' URL. if ( ! empty( $relative_url_parts['scheme'] ) ) { return $maybe_relative_path; } $absolute_path = $url_parts['scheme'] . '://'; // Schemeless URLs will make it this far, so we check for a host in the relative URL // and convert it to a protocol-URL. if ( isset( $relative_url_parts['host'] ) ) { $absolute_path .= $relative_url_parts['host']; if ( isset( $relative_url_parts['port'] ) ) { $absolute_path .= ':' . $relative_url_parts['port']; } } else { $absolute_path .= $url_parts['host']; if ( isset( $url_parts['port'] ) ) { $absolute_path .= ':' . $url_parts['port']; } } // Start off with the absolute URL path. $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; // If it's a root-relative path, then great. if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) { $path = $relative_url_parts['path']; // Else it's a relative path. } elseif ( ! empty( $relative_url_parts['path'] ) ) { // Strip off any file components from the absolute path. $path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); // Build the new path. $path .= $relative_url_parts['path']; // Strip all /path/../ out of the path. while ( strpos( $path, '../' ) > 1 ) { $path = preg_replace( '![^/]+/\.\./!', '', $path ); } // Strip any final leading ../ from the path. $path = preg_replace( '!^/(\.\./)+!', '', $path ); } // Add the query string. if ( ! empty( $relative_url_parts['query'] ) ) { $path .= '?' . $relative_url_parts['query']; } // Add the fragment. if ( ! empty( $relative_url_parts['fragment'] ) ) { $path .= '#' . $relative_url_parts['fragment']; } return $absolute_path . '/' . ltrim( $path, '/' ); } /** * Handles an HTTP redirect and follows it if appropriate. * * @since 3.7.0 * * @param string $url The URL which was requested. * @param array $args The arguments which were used to make the request. * @param array $response The response of the HTTP request. * @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed, * false if no redirect is present, or a WP_Error object if there's an error. */ public static function handle_redirects( $url, $args, $response ) { // If no redirects are present, or, redirects were not requested, perform no action. if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) { return false; } // Only perform redirections on redirection http codes. if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) { return false; } // Don't redirect if we've run out of redirects. if ( $args['redirection']-- <= 0 ) { return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) ); } $redirect_location = $response['headers']['location']; // If there were multiple Location headers, use the last header specified. if ( is_array( $redirect_location ) ) { $redirect_location = array_pop( $redirect_location ); } $redirect_location = self::make_absolute_url( $redirect_location, $url ); // POST requests should not POST to a redirected location. if ( 'POST' === $args['method'] ) { if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) { $args['method'] = 'GET'; } } // Include valid cookies in the redirect process. if ( ! empty( $response['cookies'] ) ) { foreach ( $response['cookies'] as $cookie ) { if ( $cookie->test( $redirect_location ) ) { $args['cookies'][] = $cookie; } } } return wp_remote_request( $redirect_location, $args ); } /** * Determines if a specified string represents an IP address or not. * * This function also detects the type of the IP address, returning either * '4' or '6' to represent an IPv4 and IPv6 address respectively. * This does not verify if the IP is a valid IP, only that it appears to be * an IP address. * * @link http://home.deds.nl/~aeron/regex/ for IPv6 regex. * * @since 3.7.0 * * @param string $maybe_ip A suspected IP address. * @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure. */ public static function is_ip_address( $maybe_ip ) { if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) { return 4; } if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) { return 6; } return false; } } HTTP/https-migration-20260606030233.php 0000666 00000011205 15226703613 0012553 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-detection-20260605212936-20260607234918.php 0000666 00000013341 15226703613 0014155 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260608085736-20260610005338.php 0000666 00000011205 15226703613 0014160 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/https-migration-20260605170751-20260606181853.php 0000666 00000011205 15226703613 0014161 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Client-20260605071453.php 0000666 00000001137 15226703613 0010653 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; /** * HTTP Client interface * * @internal */ interface Client { public const METHOD_GET = 'GET'; /** * send a request and return the response * * @param Client::METHOD_* $method * @param array<string, string> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response; } HTTP/https-migration-20260606030233-20260608165204.php 0000666 00000011205 15226703613 0014142 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/Psr18Client-20260605063811.php 0000666 00000010537 15226703613 0011514 0 ustar 00 <?php // SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue // SPDX-License-Identifier: BSD-3-Clause declare(strict_types=1); namespace SimplePie\HTTP; use InvalidArgumentException; use Psr\Http\Client\ClientExceptionInterface; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use Psr\Http\Message\UriFactoryInterface; use Throwable; /** * HTTP Client based on PSR-18 and PSR-17 implementations * * @internal */ final class Psr18Client implements Client { /** * @var ClientInterface */ private $httpClient; /** * @var RequestFactoryInterface */ private $requestFactory; /** * @var UriFactoryInterface */ private $uriFactory; /** * @var int */ private $allowedRedirects = 5; public function __construct(ClientInterface $httpClient, RequestFactoryInterface $requestFactory, UriFactoryInterface $uriFactory) { $this->httpClient = $httpClient; $this->requestFactory = $requestFactory; $this->uriFactory = $uriFactory; } public function getHttpClient(): ClientInterface { return $this->httpClient; } public function getRequestFactory(): RequestFactoryInterface { return $this->requestFactory; } public function getUriFactory(): UriFactoryInterface { return $this->uriFactory; } /** * send a request and return the response * * @param Client::METHOD_* $method * @param string $url * @param array<string,string|string[]> $headers * * @throws ClientException if anything goes wrong requesting the data */ public function request(string $method, string $url, array $headers = []): Response { if ($method !== self::METHOD_GET) { throw new InvalidArgumentException(sprintf( '%s(): Argument #1 ($method) only supports method "%s".', __METHOD__, self::METHOD_GET ), 1); } if (preg_match('/^http(s)?:\/\//i', $url)) { return $this->requestUrl($method, $url, $headers); } return $this->requestLocalFile($url); } /** * @param array<string,string|string[]> $headers */ private function requestUrl(string $method, string $url, array $headers): Response { $permanentUrl = $url; $requestedUrl = $url; $remainingRedirects = $this->allowedRedirects; $request = $this->requestFactory->createRequest( $method, $this->uriFactory->createUri($requestedUrl) ); foreach ($headers as $name => $value) { $request = $request->withHeader($name, $value); } do { $followRedirect = false; try { $response = $this->httpClient->sendRequest($request); } catch (ClientExceptionInterface $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } $statusCode = $response->getStatusCode(); // If we have a redirect if (in_array($statusCode, [300, 301, 302, 303, 307]) && $response->hasHeader('Location')) { // Prevent infinity redirect loops if ($remainingRedirects <= 0) { break; } $remainingRedirects--; $followRedirect = true; $requestedUrl = $response->getHeaderLine('Location'); if ($statusCode === 301) { $permanentUrl = $requestedUrl; } $request = $request->withUri($this->uriFactory->createUri($requestedUrl)); } } while ($followRedirect); return new Psr7Response($response, $permanentUrl, $requestedUrl); } private function requestLocalFile(string $path): Response { if (!is_readable($path)) { throw new ClientException(sprintf('file "%s" is not readable', $path)); } try { $raw = file_get_contents($path); } catch (Throwable $th) { throw new ClientException($th->getMessage(), $th->getCode(), $th); } if ($raw === false) { throw new ClientException('file_get_contents() could not read the file', 1); } return new RawTextResponse($raw, $path); } } HTTP/https-detection-20260605183345.php 0000666 00000013341 15226703613 0012557 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } HTTP/https-migration-20260606035847.php 0000666 00000011205 15226703613 0012573 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } HTTP/widgets-20260605065239.php 0000666 00000212731 15226703613 0011114 0 ustar 00 <?php /** * Core Widgets API * * This API is used for creating dynamic sidebar without hardcoding functionality into * themes. * * Includes both internal WordPress routines and theme-use routines. * * This functionality was found in a plugin before the WordPress 2.2 release, which * included it in the core from that point on. * * @link https://wordpress.org/documentation/article/manage-wordpress-widgets/ * @link https://developer.wordpress.org/themes/functionality/widgets/ * * @package WordPress * @subpackage Widgets * @since 2.2.0 */ // // Global Variables. // /** @ignore */ global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; /** * Stores the sidebars, since many themes can have more than one. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. */ $wp_registered_sidebars = array(); /** * Stores the registered widgets. * * @since 2.2.0 * * @global array $wp_